Why Healthcare Security Requires an Operation-Centric Approach

The healthcare industry is getting much more attention than normal right now. COVID-19 has disrupted business operations and turned lives upside down around the world as everyone struggles to get the pandemic under control.

Unfortunately, healthcare has also captured the attention of cybercriminals as they attempt to capitalize on the stress and chaos of the pandemic. The COVID-19 pandemic has challenged every level of the healthcare industry. Doctors were quickly overwhelmed by the sheer volume of patients infected with COVID-19.

Hospitals struggled with shortages of personal protective equipment and many were forced to make tough decisions for patient care with insufficient medical resources to go around. Meanwhile, scientists and researchers worked around the clock to find more effective treatments and to develop a viable vaccine.

Healthcare Under Siege

While the healthcare industry and the world at large struggle to contain the pandemic, cybercriminals see an opportunity. The additional confusion and stress, combined with the heightened importance of healthcare as we strive to deal with COVID-19, make it an ideal target for malicious operations and ransomware attacks. As a result, healthcare facilities and pharmaceutical companies are prime targets.

In October of 2020 the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert with the Federal Bureau of Investigation (FBI) and Department of Health and Human Services (HHS), stating that there was credible intelligence of an imminent cyber threat against hospitals and healthcare providers. The threat was attributed to the cybercriminals behind the TrickBot malware that has been associated with ransomware attacks.

Early in 2020, the United Kingdom’s National Health Service (NHS) shared a warning of an ongoing phishing scam that claimed to be a COVID-19 vaccination invitation. Those who clicked on the links in the fake invitation were then directed to a site that looked like an official NHS site and asked to share personal and financial information.

There was another incident in February of this year where a ransomware attack resulted in the exposure of sensitive information, such as patient diagnostic results and employee background checks, as additional incentive to pay the ransom in a double extortion scheme. Cybercriminals recognized that victims can refuse to pay the ransom and just restore data from backups, so they have expanded the attack to include extortion with the threat that the compromised data will be shared publicly if the ransom is not paid.

You Have to See the Big Picture

Effective cybersecurity is like a jigsaw puzzle. If you only have a single piece—or even a handful of pieces—of the puzzle, it is difficult to know what the final picture will look like. The problem with traditional cybersecurity tools and next-gen solutions is that each one is only focused on giving you one narrow piece of the puzzle.

We look at attacks through a broader lens to see the big picture. Malops™, short for malicious operations, include a variety of tactics and techniques, many of which may seem trivial or innocuous in and of themselves. Cybereason focuses on Indicators of Behavior (IoBs) to quickly identify suspicious or malicious activity, and to provide the visibility, context, and intelligence customers need to take action at the earliest stages of an attack and respond before it escalates to a serious event.

Better Protection with the Cybereason Defense Platform

One thing that is common across all of these events is that the compromised organizations relied on traditional cybersecurity tools and “next-gen” solutions that were unable to protect them. The reactive model of cybersecurity, with teams struggling to manage an overwhelming volume of alerts, is simply not effective for stopping today’s threats.

Cybereason has a different approach to cybersecurity. The Cybereason Defense Platform takes an operation-centric approach to security that enables customers to detect attacks earlier so security teams can remediate faster—long before an attack escalates to the level of a major breach event.

That’s why we consistently succeed in protecting our customers against advanced adversaries. While tens of thousands of businesses and government agencies around the world have been scrambling to recover, Cybereason protected all of our customers from both the SolarWinds and HAFNIUM attacks.

We protected them not only because we deliver a solution that has the ability to detect advanced attacks earlier and remediate against them faster, but because our core values as a company necessitate that we protect our customers above all else.

Learn How to Defend Against Attacks Such As SolarWinds and HAFNIUM

Sign up for our next Live Attack Simulation for an inside look at how these multi-stage malicious operations work and how defenders can break the kill chain and end the attack.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Tony Bradley. Read the original post at:

Tony Bradley

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 2 dogs, 4 cats, 3 rabbits, 2 ferrets, pot-bellied pig and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at [email protected]. For more from me, you can follow me on Twitter and Facebook.
