British healthcare organisations, like their counterparts in the US and Europe, are currently facing a deluge of ransomware that threatens to overwhelm systems. Widely reported figures gleaned from an FoI request reveal nearly half (47%) of NHS Trusts in England have been infected over the past year. This is just the tip of the iceberg. Ransomware is one of many online threats facing healthcare IT bosses, who are coming to terms with the fact that patient data is increasingly sought after on the dark web.
The mission criticality of IT systems, rigorous compliance requirements and often stretched resources make securing these environments even more challenging. That’s why IT buyers need to consider a new approach designed to focus on east-west traffic inside the data centre.
A Global Problem
Ransomware is not just a UK healthcare problem, of course. Hospitals in the US, Germany and elsewhere have all been taken out of action for days at a time after the malware encrypted their files. The result? A severe impact on patient care, compliance repercussions and potentially major financial implications. The Hollywood Presbyterian Medical Center, for example, ended up paying $17,000 in Bitcoin to regain access to its mission-critical files. Reports suggest ransomware masterminds are targeting such organisations with high ransom demands because they’ll be more likely to pay up, rather than risk impacting patient health.
Hospitals must also battle attempts to steal highly sought-after patient data. Another FoI request covering the first three months of 2016 found healthcare organisations reported the most breach incidents (184) of any sector to UK privacy watchdog the ICO.
Apart from these obvious threats, IT managers must cope with additional challenges, including:
- A lack of investment in IT security, especially in the cash-strapped NHS
- A patchwork of systems to secure – including on-premises, cloud and bare metal servers
- Current legacy tools which focus on the perimeter but lack visibility into east-west traffic
- Strict compliance requirements (UK: Data Protection Act, NHS Act / US: HIPAA)
Detect and Respond
The NHS was by far the biggest single source of data security incidents in Q1 2016, accounting for 43%, according to the ICO. But the most determined hackers will be able to breach systems. So the key must be to focus on data centre security which offers process-level visibility and real-time breach detection combined with a rapid response.
Today’s forward-leaning healthcare organisations are deploying active breach detection solutions that feature high-interaction, dynamic threat deception, which redirects attackers into an isolated environment where they can be contained and analysed. But detection is only one aspect of dealing with threats. Once an attack is detected, today’s most advanced threat deception solutions also need to assist in incident response procedures by easily identifying the scope of the attack, including compromised systems, for rapid remediation. Given the financial pressure NHS IT teams are under, they also need security which helps them do more with less. Automatic monitoring and in-depth semantic analysis will identify attacks as early as possible in the kill chain and ensure teams only focus time and resources on legitimate incidents.
Doing so will reduce the chances of potentially major data breach fines from the ICO. And applying an automated, standardised approach to breach detection and response, with pinpoint-accurate, granular reporting, will go a long way to meeting HIPAA risk assessment requirements.