PSST! Cyber Threat Intelligence in Health Care

Here is the latest monthly blog from the HIMSS Privacy and Security Committee, called PSST! Keep reading to learn more about this month’s topic, Cyber Threat Intelligence in Health Care, by HIMSS Privacy and Security Committee Chairperson Jeff Bell, CISSP, GSLC, CPHIMS, ACHE, Director, IT Security and Risk Services, CareTech Solutions.

One of the most noticeable challenges facing health care organizations today is that cyber threats have increased and evolved to include targeted, sophisticated attacks originating from organized nation-state actors, cyber criminals and hacktivists. This is in contrast to the days when many attacks were carried out by individuals simply looking to demonstrate their computer hacking skills by disrupting company websites or networks. These less sophisticated attacks still occur and must be defended against, but many of today’s threats are much more advanced.

Today’s new directed threat scenarios can be categorized as Advanced Persistent Threats (APTs).  Attackers use numerous tactics, techniques, and procedures to quietly gain access to an organization’s information and assets without being noticed and can remain undetected for extended periods of time.  During a targeted attack, unauthorized changes occur within computer and network systems, but evidence of such changes may be either successfully covered up by the attacker or may not be detected due to inadequate security monitoring by the organization.

While not all cyber threats today are APTs, the security measures needed to protect against APTs also provide protection against many of the more common threats. Essential security measures include the following: patching application and operating system vulnerabilities, deploying systems with secure configurations, gathering and monitoring system logs for indicators of compromise (IOCs), providing security awareness training, and using network and endpoint intrusion prevention and detection systems.

As a result of these sophisticated cyber threats, health care organizations are realizing that their current cybersecurity programs are not sufficient to prevent, detect, respond to and recover from the current level of cyber attacks. Healthcare organizations are working hard to make needed improvements. One resource healthcare organizations should make use of is cyber threat intelligence (also known as CTI). Cyber threat intelligence is specific, detailed, actionable data about cyber threats, cyber threat actors, malware, vulnerabilities, and indicators of compromise (IOCs). Simply put, cyber threat intelligence is all about helping the healthcare organization improve its security posture based on accurate, detailed information on current cybersecurity threats.

Cyber threat intelligence data can be categorized as human readable or machine readable, strategic or tactical, and internal or external. It can come from a number of sources. Examples of non-commercial cyber threat intelligence sources include the United States Computer Emergency Readiness Team (US-CERT), the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, InfraGard, and the National Cyber-Forensics & Training Alliance, amongst other sources. Cyber threat intelligence data can also come from commercial sources. For instance, vendors of security products, such as endpoint security applications, web security gateways, messaging security gateways, security information and event management (SIEM) platforms and network intrusion prevention systems (IPS), may have their own threat intelligence data feeds.

In light of increasingly sophisticated cyber threats, healthcare organizations should evaluate the effectiveness of their cybersecurity program and make improvements where appropriate. Consider how cyber threat intelligence can help your healthcare organization improve its ability to prevent, detect, respond to and recover from cyber attacks.

For more information on cyber threat intelligence in health care, please see our HIMSS Privacy and Security Committee’s brief:



3 Responses to PSST! Cyber Threat Intelligence in Health Care

  1. John Sharp, MSSA, PMP, FHIMSS says:

    What do you think about Ransomware as a threat in healthcare?

    • Jeff Bell says:

      Hello John,
      I just noticed your question about ransomware. The NYT article you linked to gives a good summary of this attack vector. Many healthcare organizations have been impacted by ransomware. It is a growing problem because it is a moneymaker for the cyber criminals. The impact can be pretty devastating IF organizations have not previously backed up the data which the ransomware encrypted. Backups really are one of the best defenses against this type of threat. Other measures for protecting against ransomware are similar to protecting against other malware. Steps that make it hard for malware to install on endpoints are all good. Users not having rights on their default account – so malware fails to install. Controls that provide protection at the gateway can also help. Email security gateways, web security gateways, DNS reputation services, all reduce the likelihood that ransomware and other malware will get through. As we discuss in this article, incorporating threat intelligence into these controls improves their effectiveness.

      Hope that helps.

  2. This is a serious threat as the lives of people can be at stake here. Healthcare organizations should not put system security at the back of the closet as a lot of things can go wrong in the presence of a malicious security breach. It’s good that you made people become aware of this as actions are needed for improved security measures.
