A New Treatment for Hospital Cybersecurity

 

Hospitals have become a major target for cyberattacks. A single medical record can fetch anywhere between $30 and $500, compared to just 10 to 15 cents for a credit card number. Employees at the Erie County Medical Center in New York found this out the hard way when every screen in their 550-bed facility went blank. A ransomware message quickly followed, demanding over thirty thousand dollars in Bitcoin. According to news reports, hackers were able to slip in through the hospital’s main computers and onto their online backup system, taking down over 6000 computer systems of the level-one trauma center, making it the largest American hospital hacked this year. After 6 weeks, some computer systems were still being restored at the hospital.

The proliferation of connected devices in hospitals, as well as the increasing volume of data traveling in and out of the network, has made traditional security measures dangerously inadequate. In fact, 93 healthcare organizations were victims of cyberattacks last year – a striking 63 percent increase from the previous year. This trend is likely to continue until hospitals, and enterprises alike, update their cybersecurity strategy to directly address today’s threats.

There Are Always Side Effects

Hospitals are embracing emerging technologies including the Internet of Things (IoT). From X-ray machines to blood pressure monitors and connected medical devices, hospitals are creating new efficiencies while simultaneously generating more data than ever before. And if the sheer volume of the data wasn’t enough for healthcare IT professionals to deal with – the complexity of that data is also growing, especially as hospitals are connecting with each other and telemedicine gains momentum. Today, millions of patient records are stored in hospital datacenters – or in the cloud as is frequently becoming the case – and thousands of transactions from a variety of devices are taking place on the network every second, generating a virtual storm of sensitive data. And of course, this data must be treated with strict regard to privacy and authorized access as specified within the US Government HIPAA regulations. While this increase in data and data complexity can lead to improved patient care, it also provides more opportunities for data to be compromised at the endpoints and from within the network.

Cloud computing and shared cloud storage have also introduced a new entry point for hackers. The days of on-premises datacenters are quickly coming to an end as organizations migrate their data to the more convenient and more cost-effective cloud. However, the cloud brings a vulnerability cost. Numerous organizations are sharing resources in public clouds, which offers hackers easier access to others within the same cloud via malware Trojans, given that they are already inside the network. Malware programs are also becoming more sophisticated with their ability to self-morph, making them very difficult to detect by conventional signature techniques. These Trojans can hide within the network and slowly steal data or even remain dormant until instructed to activate, like some of the recent Distributed Denial-of-Service (DDoS) attacks.

A Comprehensive Treatment Option

Traditional security models have focused on protecting only the perimeter of the network. But between the increased number of physical entry points within the connected hospital, and vulnerabilities presented by the cloud, this approach is far too simplistic for today’s complex, data-intensive world. Firewalls and other boundary-based security solutions fail to address threats from within a network. They also do not have the ability to detect malware that has managed to infiltrate the network nor can they effectively combat internal attacks once detected.

A modern hacker’s toolbox is sophisticated and there is no single “silver bullet” when it comes to cybersecurity, which is why Mellanox strongly encourages organizations to leverage a comprehensive security strategy.

First, a distributed security approach provides a multi-layered defense with protection at the perimeter and within the network, as well as at individual servers and devices connected to the network. Distributed security scales as the data center scales and doesn’t require expensive upgrades to perimeter security appliances when the network bandwidth grows.  While this approach to security may sound costly, it can actually be quite cost-effective and represents a drop in the bucket compared to the potential costs of a security breach.

Second, encrypting data both in flight and at rest – even inside a hospital firewall – has become imperative. The thousands of transactions taking place per second and the magnitude of data moving around within the network at any given time mean that security measures that only protect data at the disk are putting an enormous amount of data at risk. Healthcare data should be encrypted whenever it is in transit as well as when it is stored, with strong key management to enforce authorized access.

Finally, authorization is a hyper-important step in protecting data. This is especially vital in hospitals where multiple healthcare professionals and members of the administrative staff, each with specific needs, require access to patient records. Such a variety of users presents more opportunities for a data breach, intentional or otherwise. Hospitals and other organizations handling highly sensitive information need to consider authorization that goes beyond mere usernames and passwords, and should include certificates and digital signatures, as well as 2-factor authentication.

Beating the Odds

Readers may feel overwhelmed at the prospect of such a comprehensive, multi-layered approach. You may be saying to yourself, “That all sounds great in theory, but implementing all those security measures would grind my network to a halt.” This is a natural concern, of course. In fact, worries about loss of performance or network availability are often the primary reason – not cost – why organizations choose not to deploy adequate security.

Typical software-only approaches suffer from three shortcomings:

  • Loss of performance – Inability of general-purpose CPUs to deliver line-rate processing at smaller packet sizes and with low latency and jitter
  • Over-consumption of server resources – Burning CPU cycles on networking and security functions, rather than the true application workloads
  • Inadequate protection from insider threats – Malicious applications could reside in an adjacent Virtual Machine running on the same server

Despair not!

Mellanox overcomes any performance concerns resulting from robust security measures by increasing network speeds and performing security processing within each network node. Hardware-based security can prevent malware from getting onto the network or crossing between server nodes with Mellanox SmartNICs acting like security guard posts on individual servers. In addition to implementing normal security functions, these adapter cards can monitor traffic and provide telemetry metadata to a centralized workstation. If an issue is identified, any specific traffic flow or server can be shut down before it impacts the entire network. As a bonus, this highly-distributed security scales far better than traditional security appliances at the network edge.

Finally, hospitals – or any organization for that matter – should be exploring the potential that Artificial Intelligence (AI) may hold for security. AI security uses heuristic learning methods, moving away from simple malware signature detection or rigid security policies that are nearly impossible to scale. AI-based systems watch the network behavior under normal conditions, learning what a healthy network looks like, and quickly flag abnormalities if an anomaly arises. Having distributed hardware security “agents” throughout the data center offers broad visibility to such AI-based tools and also affords the trusted mechanisms to shut off attack traffic at individual nodes.

This may all sound daunting, but security breaches are becoming more frequent and more costly for everyone involved. With all of the highly sensitive data that has the potential to be stolen, hospitals should reevaluate their security measures today. Otherwise, they risk becoming the next Erie County Medical Center or Equifax and spending millions of dollars – not to mention the lost customer confidence – trying to recover from what could have been a preventable breach.


About Bob Doud

Bob Doud is Senior Director of Marketing at Mellanox Technologies, responsible for security applications as well as driving adoption of the new BlueField family of ARM processor enabled networking devices. Bob joined Mellanox in Feb 2016 from Tilera / EZchip where he managed the TILE multicore processors family. Previously, he had over 20 years of experience in the security field at companies such as SafeNet, NetOctave and Hifn. His technical background spans encryption and security, processor architectures, telecom and enterprise hardware and software.
