Here is the latest monthly blog from the HIMSS Privacy and Security Committee, called PSST! Keep reading to learn more about this month’s topic: Cyber Threat Intelligence in Health Care, by HIMSS Privacy and Security Committee Chairperson Jeff Bell, CISSP, GSLC, CPHIMS, ACHE, Director, IT Security and Risk Services, CareTech Solutions.
One of the most noticeable challenges facing health care organizations today is that cyber threats have increased and evolved to include targeted, sophisticated attacks originating from organized nation-state actors, cyber criminals and hacktivists. This is in contrast to the days when many attacks were carried out by individuals simply looking to demonstrate their computer hacking skills by disrupting company websites or networks. These less sophisticated attacks still occur and must be defended against, but many of today’s threats are much more advanced.
Today’s new directed threat scenarios can be categorized as Advanced Persistent Threats (APTs). Attackers use numerous tactics, techniques, and procedures to quietly gain access to an organization’s information and assets without being noticed and can remain undetected for extended periods of time. During a targeted attack, unauthorized changes occur within computer and network systems, but evidence of such changes may be either successfully covered up by the attacker or may not be detected due to inadequate security monitoring by the organization.
While not all cyber threats today are APTs, the security measures needed to protect against APTs also provide protection against many of the more common threats. Essential security measures include the following: patching application and operating system vulnerabilities, deploying systems with secure configurations, gathering and monitoring system logs for indicators of compromise (IOCs), providing security awareness training, and using network and endpoint intrusion prevention and detection systems.
As a result of these sophisticated cyber threats, health care organizations are realizing that their current cybersecurity programs are not sufficient to prevent, detect, respond to and recover from the current level of cyber attacks. Health care organizations are working hard to make needed improvements. One resource health care organizations should make use of is cyber threat intelligence (also known as CTI). Cyber threat intelligence is specific, detailed, actionable data about cyber threats, cyber threat actors, malware, vulnerabilities, and indicators of compromise (IOCs). Simply put, cyber threat intelligence is all about helping the health care organization improve its security posture based on accurate, detailed information on the current cybersecurity threats.
Cyber threat intelligence data can be categorized as human readable or machine readable, strategic or tactical, and internal or external. Cyber threat intelligence data can come from a number of sources. Examples of non-commercial cyber threat intelligence sources include the United States Computer Emergency Readiness Team (US-CERT), the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, InfraGard, and the National Cyber-Forensics & Training Alliance, amongst other sources. Cyber threat intelligence data can also come from commercial cyber threat intelligence sources. For instance, vendors of security products, such as endpoint security applications, web security gateways, messaging security gateways, security information and event management (SIEM) platforms and network intrusion prevention systems (IPS), may have their own threat intelligence data feeds.
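To make the "machine readable, tactical, external" category concrete, the following added example (not part of the HIMSS brief or any vendor's product) checks internal proxy logs against an external indicator feed. The feed layout, field names, log format and every value are constructed assumptions, using documentation-range addresses and reserved test domains.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed external feed: tactical, machine-readable indicators, defanged as feeds often are.
FEED = [
    {"type": "ipv4", "value": "203.0.113[.]45", "source": "feed-A", "valid_until": "2030-01-01T00:00:00+00:00"},
    {"type": "domain", "value": "update.bad-example[.]test", "source": "feed-A", "valid_until": "2030-01-01T00:00:00+00:00"},
    {"type": "domain", "value": "old.example[.]test", "source": "feed-B", "valid_until": "2020-01-01T00:00:00+00:00"},
]
# Constructed internal proxy log: timestamp, client, destination host, destination IP.
LOGS = [
    "2024-05-01T10:00:00Z ws-101 portal.example.org 198.51.100.7",
    "2024-05-01T10:02:13Z ws-117 UPDATE.bad-example.test 203.0.113.45",
    "2024-05-01T10:05:40Z ws-101 old.example.test 198.51.100.9",
    "2024-05-01T10:07:02Z ws-230 cdn.notbad-example.test 198.51.100.20",
]

def refang(value):
    """Undo common defanging and normalize case."""
    return value.replace("[.]", ".").strip().lower()

def load_indicators(feed, now):
    """Return {type: {value: source}} for indicators that have not expired."""
    active = {"ipv4": {}, "domain": {}}
    for item in feed:
        if datetime.fromisoformat(item["valid_until"]) <= now:
            continue  # stale intelligence mostly produces false positives
        value = refang(item["value"])
        if item["type"] == "ipv4":
            value = str(ipaddress.ip_address(value))  # raises on malformed entries
        active[item["type"]][value] = item["source"]
    return active

def match_logs(lines, active):
    """Return (timestamp, client, indicator type, matched value, feed source) tuples."""
    hits = []
    for line in lines:
        ts, client, host, ip = line.split()
        host = host.lower().rstrip(".")
        if ip in active["ipv4"]:
            hits.append((ts, client, "ipv4", ip, active["ipv4"][ip]))
        for dom, src in active["domain"].items():
            # Exact domain or a subdomain of it, never a bare substring match.
            if host == dom or host.endswith("." + dom):
                hits.append((ts, client, "domain", host, src))
    return hits

def run(now=None):
    now = now or datetime(2024, 5, 1, tzinfo=timezone.utc)
    return match_logs(LOGS, load_indicators(FEED, now))

if __name__ == "__main__":
    for hit in run():
        print(hit)
```

Each hit records which feed supplied the indicator, so an analyst can weigh the source when triaging the alert.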
In light of increasingly sophisticated cyber threats, health care organizations should evaluate the effectiveness of their cybersecurity program and make improvements where appropriate. Consider how cyber threat intelligence can help your health care organization improve its ability to prevent, detect, respond to and recover from cyber attacks.
For more information on cyber threat intelligence in health care, please see our HIMSS Privacy and Security Committee’s brief: http://himss.files.cms-plus.com/HIMSS_PS_Brief_Threat_Intelligence_in_Healthcare_Final.pdf.