A lack of AI-based security and inefficient protocols make IoT healthcare devices vulnerable to cyberattacks, says report


May 06, 2019
by John R. Fischer, Senior Reporter
A lack of AI-based security tools and inefficient procedures on the part of staff have made healthcare internet-of-things (IoT) devices easy targets for cybercriminals, according to the Vectra 2019 Spotlight Report on Healthcare.

The provider of AI detection tools for cybersecurity threats asserts in its findings that insufficient access controls, reliance on legacy systems and unpartitioned networks have left medical IoT devices vulnerable to hacking that could result in the theft of personally identifiable information (PII) and protected health information (PHI) and could disrupt healthcare delivery. The report suggests that such risks could be mitigated by using AI to detect hidden threats inside enterprise IT networks.

"I think the reason for slow adoption otherwise is simply because the concept of internal network monitoring for proactive threat hunting is only a few years old. It takes time for market adoption of any new idea, starting with the forward thinking organizations followed by the mass market," Chris Morales, head of security analytics at Vectra, told HCB News. "There is also the secondary factor of many healthcare organizations having a lean security team. Anything new runs the risk of creating more work and noise. That has to be a factor in the decision making process of what technology to implement and use."

Healthcare organizations struggle to manage legacy systems and devices because of their weak security controls. Both nevertheless provide essential access to patient health information, so organizations need a better understanding of network behavior in order to manage the risks of legacy systems while still getting full value from new technology.

Policies and procedures that are not thorough and lack essential details can lead staff members to commit errors such as improper handling and storage of patient files, which cybercriminals can target and exploit as a weakness.

Using Vectra's Cognito threat-detection and response platform, the authors of the report assessed the actions and trends in networks from a sample of 354 opt-in enterprise organizations in healthcare and eight other industries. The platform uses AI to collect, enrich and store network metadata with the context needed to detect, hunt and investigate hidden threats in real time. It scales to the largest organizations' networks through a distributed architecture of physical, virtual and cloud sensors that, according to Vectra, deny attackers places to hide by providing 360-degree visibility across cloud, data center, user and IoT networks.

Based on network traffic monitoring and metadata from more than three million workloads and devices, the authors found that attackers blend in with existing network traffic to hide their intentions, and they identified several attacker behaviors that expose businesses to serious risk and potentially disastrous data breaches.

They include:

• Using hidden Hypertext Transfer Protocol Secure (HTTPS) tunnels to hide command-and-control communications in healthcare networks. This allows information to flow to external systems across multiple sessions over long periods of time while appearing to be normal encrypted web traffic.

• Hiding data exfiltration behind hidden domain name system (DNS) tunnels. This was the most common attacker behavior observed, although the report notes that IT and security tools that communicate over DNS can also produce traffic consistent with exfiltration, so the two must be told apart.

• Internal reconnaissance in the form of internal darknet scans and Microsoft Server Message Block (SMB) account scans. A darknet scan occurs when an internal host probes internal IP addresses that do not exist on the network, while an SMB account scan occurs when a single host rapidly tries many different accounts over the SMB protocol, which is normally used for file sharing.
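The three behaviors above can be spotted with fairly simple statistics over network metadata. The following is an added example written for this article, not Vectra's detection logic or anything from the report: three small detectors run over constructed sample records (the hosts, domain names and account names are invented, and `.example` is a reserved TLD). The DNS detector also shows the caveat from the second bullet: the hypothetical `securitytool.example` stands in for a security product that legitimately encodes lookups in DNS labels, and without an allowlist it is flagged exactly like the tunnel.

```python
import hashlib
import ipaddress
import math
from collections import Counter, defaultdict

# --- Constructed sample logs (not captured traffic); the tuple layouts are ours.
def _hex(i, n=40):
    """Deterministic random-looking label, standing in for encoded exfil data."""
    return hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:n]

# DNS queries: (source host, queried name). "tunnel.example" plays the attacker's
# zone; "lookup.securitytool.example" is a hypothetical DNS-based security tool.
DNS_LOG = (
    [("10.0.5.23", f"{_hex(i)}.tunnel.example") for i in range(40)]
    + [("10.0.1.7", f"{_hex(i)}.lookup.securitytool.example") for i in range(40)]
    + [("10.0.1.7", n) for n in ("www.example.com", "mail.example.com", "api.example.com")]
)
# Internal connection attempts: (source host, destination host, got a reply?)
CONN_LOG = (
    [("10.0.5.23", f"10.0.9.{i}", False) for i in range(1, 31)]
    + [("10.0.1.7", "10.0.2.10", True), ("10.0.1.7", "10.0.2.11", True),
       ("10.0.1.7", "10.0.2.99", False)]
)
# SMB authentication attempts: (source host, account name, success?)
SMB_AUTH_LOG = (
    [("10.0.5.23", f"svc{i:02d}", False) for i in range(15)]
    + [("10.0.1.7", "alice", True)] * 5
)

# Zones whose DNS-heavy traffic is known to be legitimate. Without this, IT and
# security tools that talk over DNS look exactly like exfiltration.
KNOWN_DNS_TOOLS = {"securitytool.example"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking hex sits near 4, real words well below 3."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_name(name: str):
    """Return (subdomain part, zone), treating the last two labels as the zone.
    Simplification: a real deployment should use the public suffix list."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_dns_tunnel(dns_log, allowlist=KNOWN_DNS_TOOLS,
                      min_distinct=20, min_len=20, min_entropy=3.0):
    """Flag hosts sending many distinct, long, high-entropy labels to one zone:
    the shape of data encoded into DNS queries."""
    per_pair = defaultdict(list)
    for src, name in dns_log:
        sub, zone = split_name(name)
        if sub and zone not in allowlist:
            per_pair[(src, zone)].append(sub)
    hits = {}
    for (src, zone), subs in per_pair.items():
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(shannon_entropy, subs)) / len(subs)
        if len(set(subs)) >= min_distinct and mean_len >= min_len and mean_ent >= min_entropy:
            hits[src] = {"zone": zone, "queries": len(subs), "mean_entropy": round(mean_ent, 2)}
    return hits


def detect_darknet_scan(conn_log, internal="10.0.0.0/8", min_dark=20):
    """Flag hosts that contact many distinct internal addresses that never answer,
    which is what probing unused (dark) address space looks like."""
    net = ipaddress.ip_network(internal)
    dark = defaultdict(set)
    for src, dst, replied in conn_log:
        if not replied and ipaddress.ip_address(dst) in net:
            dark[src].add(dst)
    return {src: len(d) for src, d in dark.items() if len(d) >= min_dark}


def detect_smb_account_scan(auth_log, min_accounts=10):
    """Flag hosts that authenticate over SMB with many different accounts;
    a normal workstation uses one or two."""
    accounts = defaultdict(set)
    for src, account, _ok in auth_log:
        accounts[src].add(account)
    return {src: len(a) for src, a in accounts.items() if len(a) >= min_accounts}


if __name__ == "__main__":
    print("DNS tunnel (allowlist on): ", detect_dns_tunnel(DNS_LOG))
    print("DNS tunnel (allowlist off):", detect_dns_tunnel(DNS_LOG, allowlist=set()))
    print("Darknet scan:", detect_darknet_scan(CONN_LOG))
    print("SMB account scan:", detect_smb_account_scan(SMB_AUTH_LOG))
```

The thresholds are illustrative; in practice they are tuned per environment, the zone split uses the public suffix list rather than the last two labels, and the counts are taken over a time window rather than an entire log, since a slow tunnel or a patient scanner will stay under any per-minute limit.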

Despite these risks, the report found fewer ransomware attacks in the second half of 2018. It still insists, however, that such attacks be caught early, before files are encrypted and clinical operations are disrupted. Botnet attacks in healthcare were also lower in general than in other industries.

"When you factor in the time it takes a lean security team to discover a data breach, it becomes apparent that healthcare organizations must be more vigilant about what happens inside their networks," said Morales. "It's critically important to know the difference between an attack in progress versus network traffic that is associated with business as usual. It's unacceptable (and embarrassing) to find out weeks, months or years later that a breach occurred. I believe the answer lies in 360-degree visibility inside the network, real-time attacker detection, and the prioritization of all detected threats - from cloud and data center workloads to user and IoT devices."

Some tips he recommends for protecting one's organization against threats include "eliminating the manual, time-consuming work of security analysts; lowering the skills barrier needed to hunt down cyberthreats; considering that everything is connected, which makes for an easy target; and providing visibility inside the network to see attackers and what they're doing."

Twelve percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis, according to Vectra.

The workloads and devices assessed were derived from customer cloud, data center and enterprise environments.