Join me at HIMSS 2018 for a Conversation About ‘Intelligent Threat Intelligence’ in Healthcare
You can draw a lot of parallels between security and healthcare, right down to the language we use to describe malicious software. We call various forms of malware viruses, worms and the like not only because they propagate as disease does but, more relevantly to us, because they are also treated as such.
Symptomatic treatment is any medical therapy of a disease that only targets its symptoms, not its cause, i.e., its etiology. Despite the limitations of this approach for many diseases, even those whose etiologies are known (as with most viruses, such as influenza), symptomatic treatment remains the only option available. By and large, we’ve been doing the same thing in security. Firewalls stop intrusions, endpoint protection systems detect malware and sometimes attempt to remove it from systems, and incident responders do follow-up investigations, often looking for the same malware on a different system, all with the goal of making sure the symptoms are gone.
And yet, the root causes of cybersecurity conditions are well known. In fact, I’d argue that we know a lot more about malware and machines than we know about the human body. To stick with the medical analogy, we know the etiology of malware quite well. And yet, the healthcare industry continues to struggle when it comes to cybersecurity. Josh Corman, Director of the Cyber Statecraft Initiative for the Atlantic Council, highlighted healthcare security as a critical issue as part of the Congressional Task Force on Cybersecurity. He shared five critical uncomfortable truths:
(1) Known Vulnerabilities Epidemic
Over 1,400 vulnerabilities in just one legacy medical technology. The sheer volume of vulnerabilities makes prioritization of the backlog an arduous and often uncertain task, compounded by the difficulty of remediation in the healthcare space.
(2) Vulnerabilities Impact Patient Care
Patient care at Hollywood Presbyterian and UK Hospitals was shut down by one security compromise, implying that the impact of a “denial of service” is much greater in the healthcare setting.
(3) Premature/Over-Connectivity
“Meaningful Use” requirements drove hyper-connectivity without secure design and implementation, meaning remote code execution vulnerabilities are prevalent throughout healthcare environments.
(4) Legacy Equipment
Equipment is running old, often unsupported and vulnerable operating systems such as Windows XP.
(5) Severe Lack of Security Talent
The majority of health delivery organizations lack full-time security personnel, meaning that the responsibility falls to large organizations not only to address their own vulnerability backlog, but also to measure and mitigate third-party risk.
Addressing these challenges will require an evolved approach, one that allows healthcare organizations to move past treating cybersecurity symptoms to tackling the root cause. I’d like to invite you to join me at HIMSS 2018 on Wednesday, March 7 where I will be discussing how healthcare organizations can gain critical insights into context and apply appropriate statistical blending of data to truly make their threat intelligence – intelligent.