WootCloud Blog

Visibility and Behavioral Baselining to Drive Security KPIs in Healthcare and Biotech Pharma

Dated processes and technologies drive attacks plaguing health and medical verticals in 2022

Our healthcare breach series continues with this second post, which highlights the failures. Part one discussed Recommendations for Closing IoT/IIoT/IoMT Security Gaps in Healthcare.

Part 2 covers the broader errors in cybersecurity posture, and part 3 will discuss broader tips you can apply to protect your organization. The list of recent breaches below took 5 minutes to build, so assume there are many more…

With a nice confluence of money, IP, health-related patient data, and finance-related patient data, healthcare and insurance companies are lucrative attack targets for cyber criminals.

As highlighted in Part 1, healthcare, hospitals, biotech, and pharma companies are also heavy users of IoT, automation, software and other connected tools, making them more susceptible to errant patching, errant implementation, human error in use, and more.

  • Saltzer Health – Email breach – 13K PHI potentially exfiltrated.
  • Texas ENT Specialists – Hacking – 500K records exposed
  • Loyola University Medical Center – Email breach – 16K PHI potentially exfiltrated.
  • Broward Health – Third Party Supplier breach – 1.3M records exposed, possibly exfiltrated
  • BioPlus – Breach affected 350K customers – now facing class action lawsuit
  • Clinical data technology vendor Ciox Health recently reported a breach – this impacting 32 healthcare organizations across the country.

Themes in Failure – Visibility and KPIs

The plethora of IoT devices tells the story. According to a Forrester report, “State of Enterprise IoT Security in North America: Unmanaged and Unsecured”:

> 67% of enterprises have experienced an IoT security incident
> 84% of security professionals believe IoT devices are more vulnerable than computers
> 93% of enterprises are planning to increase their spending on security for IoT and unmanaged devices

The threat is real. IoT and connected device use across verticals continues to grow in the mid double digits per year. With 5G uptake exceeding expectations, this IoT growth will only accelerate.

We analyze root causes of failure and ways to prevent threats and drive your Security KPIs forward in 2022.

Visibility into Managed and Unmanaged Devices – and their Behavior

We leverage your existing IT and security tools and frameworks, adding ours to extend visibility not only to IoMT but to the whole ecosystem of managed and unmanaged devices that your patients, their visitors, your employees, and your facilities have and bring. This level of visibility is often overlooked, yet it is critical for effective threat modeling, which underpins the design of an effective security strategy.

For healthcare organizations, this means that in addition to employees’ smartphones, tablets, and printers, the platform can discover security cameras, temperature control systems, and even kiosks that are used in a clinical environment. Details such as manufacturer, model, operating system, serial number, and a wide range of other identifying data points are also included. Visibility is where WootCloud begins.

As of early 2020, some 83% of hospital-based, internet-connected CAT scanners, MRI scanners, X-ray machines and mammography equipment were running on old versions of Windows that are no longer supported by Microsoft. That means there are no OEM patches available even when documented threats emerge.

The ability to see and understand devices in your airspace over your WiFi, Bluetooth, and any other type of peer-to-peer connection (e.g. Zigbee) is also critical. Such devices can evade your older security tools, and this RF-level view is especially helpful in mapping devices to the value they provide in caring for your patients.

Understanding User and Device Behavior Against Baselines to Identify Persistent and Exfiltration Threats

Phishing clearly remains an issue—43% of email recipients fell for one study’s targeted phishing attempts at least once, and 11.9% more than once—and is still one of the leading causes of security incidents leading to ransomware that impacts data and clinical operations.

With gaps in people, processes and technology clearly evidenced by the last few weeks of breaches, WootCloud summarizes its capabilities in identifying infiltration, and then persistence and exfiltration.

First, once attackers are inside the network, they can blend in by using legitimate credentials and applications obtained through phishing and other means. If organizations are only looking for known exploits, they won’t be able to find these attackers lurking in their network. WootCloud’s user- and device-centric behavioral analysis against baselines helps surface materially suspicious behaviors.

Second, many organizations focus their efforts on preventing malware and intrusions at the network perimeter. While this is essential, they may inadvertently turn a blind eye to threats inside their networks. They do not monitor for behavioral anomalies indicative of internal reconnaissance, lateral movement, or data exfiltration.

And lastly, security teams are overwhelmed by a huge volume of alerts. Some organizations report receiving a million alerts a day. Organizations often build crude correlation rules to find threats. Organizations need something better.

WootCloud’s user- and device-centric behavioral analysis against baselines again intelligently alerts on and remediates threats, giving your teams manageable, nuanced control.
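To make the baselining idea above concrete, here is an added example (not WootCloud’s code, and not a description of its product) of the simplest form of user- and device-centric behavioral analysis: a per-device baseline of outbound volume and destination ports is learned from a quiet period, and new observations are flagged when they deviate from that baseline rather than when they match a known exploit signature. The device names, byte counts and ports are constructed sample data; the record layout `(device, bytes_out, dst_port)` is an assumption made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training records: (device, bytes_out per hour, dst_port) from a quiet
# period. A real deployment would learn these from flow or sensor telemetry.
TRAINING = (
    [("mri-scanner-01", b, 443) for b in (1200, 1350, 1100, 1250, 1300, 1180, 1220, 1290)]
    + [("nurse-tablet-07", b, 443) for b in (5200, 4800, 5100, 5300, 4900, 5000, 5150, 4950)]
    + [("nurse-tablet-07", 5050, 8443)]
)

# Constructed observations to score against the learned baselines.
NEW = [
    ("mri-scanner-01", 1260, 443),    # within normal volume, known port
    ("mri-scanner-01", 98000, 22),    # exfiltration-like spike to a never-seen port
    ("nurse-tablet-07", 5050, 443),   # normal
    ("nurse-tablet-07", 5100, 445),   # normal volume, but a new port (possible recon)
]


def build_baselines(records):
    """Per-device baseline: mean and population std of bytes_out, plus ports seen."""
    by_dev = defaultdict(lambda: {"bytes": [], "ports": set()})
    for dev, bytes_out, port in records:
        by_dev[dev]["bytes"].append(bytes_out)
        by_dev[dev]["ports"].add(port)
    return {
        dev: {"mean": mean(d["bytes"]), "std": pstdev(d["bytes"]), "ports": d["ports"]}
        for dev, d in by_dev.items()
    }


def score(record, baselines, z_threshold=3.0):
    """Return the list of reasons a record deviates from its device's baseline.

    An empty list means the record looks like the device's normal behavior.
    """
    dev, bytes_out, port = record
    base = baselines.get(dev)
    if base is None:
        # A device with no history is itself a visibility finding.
        return ["unknown device (no baseline)"]
    # Guard against a zero-variance baseline so a few bytes of jitter do not alert.
    std = base["std"] or max(1.0, 0.05 * base["mean"])
    z = (bytes_out - base["mean"]) / std
    reasons = []
    if z > z_threshold:
        reasons.append(f"bytes_out z={z:.1f} exceeds {z_threshold}")
    if port not in base["ports"]:
        reasons.append(f"new dst_port {port}")
    return reasons


def detect(records, baselines):
    """Return [(record, reasons)] for every record that deviates from baseline."""
    flagged = []
    for record in records:
        reasons = score(record, baselines)
        if reasons:
            flagged.append((record, reasons))
    return flagged


if __name__ == "__main__":
    baselines = build_baselines(TRAINING)
    for record, reasons in detect(NEW, baselines):
        print(record, "->", "; ".join(reasons))
```

Two of the four constructed observations are flagged: the scanner’s 98,000-byte burst to port 22 on both volume and port, and the tablet’s connection to port 445 on port alone. The per-device baseline is what makes the second finding possible; a fleet-wide threshold on bytes would never see it, which is the gap the paragraph above describes.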

Business Value

Our mission, like yours, is to provide your patients, doctors, nurses, employees and more with a safe, user-friendly and secure environment by:

  • Giving full visibility – with RF and network sensors seeing 100% of your devices and infrastructure, encompassing all stages of attack: infiltration, persistence, and exfiltration
  • Reducing Mean Time to Resolution (MTTR) – with AI/ML-powered, automated remediation that drives a >70% reduction in threat hunting times
  • Boosting user experience – by reducing support ticket volumes and lowering alert noise for a >60% gain in operational efficiency (~1.4 FTE service savings per site, per shift)

Each of these benefits on their own can offer 5-6 figure USD savings per year, shortening the payback period on your investment.

The perfect cybersecurity storm has arrived. Consider intelligent device and infrastructure security today.

To learn more in a zero touch, no obligation Demo or POC, please contact us.

Continue to the second blog in the healthcare security series highlighting the broader errors in healthcare security.

Contributing Authors:

Andreas Stenzel
