Can EHRs Survive Cyber Attacks?

Since cybersecurity healthcare threats on hospital EHR systems have become a topic of nightly newscasts, no longer is anyone shocked by their scope and veracity. What is shocking is the financial damage these attacks are predicted to cause as they reverberate throughout the economy.

In June 2016, more than 11 million patient EHRs were breached, making it the year’s worst incident according to a study by DataBreaches.net and Prontenus. For comparison, May had less than 700,000 and 2016’s former breach leader (March) topped out at just over 2.5 million.Cyber Attacks

While traditional security filters like firewalls and reputation lists are good practice, they are no longer enough. Hackers increasingly bypass perimeter security, enabling cyber thieves to pose as authorized users with access to hospital networks for unlimited periods of time. The problem is not only high-tech, but also low-tech — requiring that providers across the continuum become smarter about data protection and privacy issues. Medical facilities are finding they must teach doctors and nurses not to click on suspicious links.

However, organizational threats manifest themselves through changing and complex signals that are difficult to detect with traditional signature- and rule-based monitoring solutions. These threats include external attacks that evade perimeter defenses and internal attacks by malicious insiders or negligent employees.

Along with insufficient threat detection, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. This requires skilled security analysts to identify and investigate these alerts when there is already a shortage of these skilled professionals. Hospital CISOs and CIOs already operate under tight budgets without needing to hire additional cybersecurity guards.

Healthcare security pros need to pick up where those traditional security tools end and realize that it’s the data that is ultimately at risk. The safeguarding of the EHR data is as important, if not more imperative, than just protecting the network or the perimeter.

Some cybersecurity sleuths deploy a variety of traps, including identifying an offensive file with a threat intelligence platform using signature-based detection that scans a computer for known offenders. This identifies whether those types of files exist in the system. However, millions of patient and medical data files need to be uploaded to cloud-based threat-intelligent platforms, scanning a computer for all of them would slow the machine down to a crawl or make it inoperable. Threats are developing so fast that those techniques don’t keep up — and why wait until you are hacked?

The Mix of Forensics and Machine Learning
Instead of signature- and reputation-based detection methods, smart healthcare CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. They are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.

In the past, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, the computer is trained to find those differences, but much faster with multidimensional signatures that detect problems and examine patterns to identify anomalies that trigger a mitigation response.

Take the Good with the Bad
Machine learning generally works in two ways: supervised and unsupervised. With supervised learning, humans tell the machines which behaviors are good and bad, and the machines figure out the commonalities to develop multidimensional signatures. With unsupervised learning, the machines develop the algorithms without having the data labeled, so they analyze the clusters to figure out what’s normal and what’s an anomaly.

SEE ALSO: Cloud Sharing and Security Compliance

The obvious approach is to implement an unsupervised, machine learning protective shield that delivers a defense layer to fortify IT security across EHR platforms and other hospital IT systems. A self-learning system with the flexibility of being able to cast a rapidly scalable safety net across an organization’s information ecosystem, distributed or centralized, local or global, cloud or on-premise. Whether data resides in a large health system or small chain of clinics, rogue users are identified instantly.

By applying machine learning techniques across a diverse set of data sources, systems become increasingly intelligent by absorbing more and more relevant data. These systems can then help optimize the efficiency of hospital security personnel, enabling organizations to more effectively identify threats. With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.

Healthcare security analysts of all experience levels can also be empowered with machine learning through pre-analyzed context for investigations, making it easier for them to discover threats. This enables hospital CISOs to proactively combat sophisticated EHR attacks by accelerating detection efforts, reducing the time for investigation and response.

The Digital Eye Sees All
“EHR interoperability continues to be a big problem for hospitals and the entire healthcare industry,” said Donald M. Voltz, MD. “However, the theft of patient data is worse. EHR systems and EHR-compatible healthcare systems produce and manage a lot of data. This makes the industry a sitting duck for cybercriminals. With a cloud-based security net of machine-learning, ambient technology and behavioral analysis that can cover all of the EHR platforms, interoperable or not, a great high tech security blanket is achieved.”

Once a machine learning system is in place, organizations need to identify solutions that employ behavioral analytics that baseline normal behaviors and identify irregularities. While the technology is advanced, the concept is simple.

One of the popular AI innovations is “Ambient Cognitive Cyber Surveillance” technology, an “all-seeing eye” that can digitally fingerprint user access behavior and identify rogue users instantly using an innovative process. This creates a virtual, formidable defense layer powered by cognitive surveillance that is simple to deploy, easy to use, operates automatically in the background and vastly improves an organization’s defense against cyber security threats, data breaches and privacy violations.

An enterprise cybersecurity system such as this understands, recognizes and remembers normal user habits, patterns and behavior as they use applications in the day-to-day. Through a baseline, such a platform is able to predict and detect anomalous user activity in real-time, thereby mitigating risk rapidly.

Hospital and other healthcare facilities should consider AI-based systems, as they are easy to deploy and healthcare organizations can rapidly scale across EHR systems — distributed or centralized or cloud or on-premise. With this type of comprehensive cybersecurity system, the gloomy doomsday scenario offered up by many cybersecurity ventures will no longer be a concern.

Santosh Varughese is president of Cognetyx.

About The Author