Long before the pandemic, the health care sector was steadily working toward digital innovations to support the growing need for delivering patient care outside of the traditional hospital setting. COVID-19 spurred providers to expedite those plans with the rapid adoption of telehealth, 5G, and other remote technologies, creating new technology challenges.
Prior to their presentation at HIMSS21 on August 9, Theresa Lanowitz, director of evangelism at AT&T Cybersecurity, and Keith Weisman, SentinelOne’s senior director of sales engineering, spoke with SC Media to address some of the potential risks posed by the rapid adoption of digital innovations and needed mitigations for securing endpoints in the health care enterprise.
New technologies make health care more accessible to the public, but simultaneously become more pervasive, according to Lanowitz. In all industries, 5G can be a catalyst for change in the enterprise in determining where and how to harness compute power, as well as new use cases and applications for technology.
Recent data from the AT&T Cybersecurity Insights report found an overwhelming majority of surveyed entities are researching, implementing, or completing a 5G journey.
“5G usage certainly will advance productivity but can also be used by threat actors during data exfiltration. In this case, it can be done quickly which further drives the need to reduce mean time to detect and mean time to remediation/prevention,” Weisman noted.
For health care, entities are concentrating on innovating IoT devices, high-speed video, virtual reality, augmented reality, and other platforms to better serve patients and improve business operations. But as previous studies have noted, threats are increasing as more enterprises continue to adopt new technologies.
Although next-generation tools and edge-to-edge connections can vastly improve experiences, Lanowitz explained that entities must ensure transformations are done with confidence and speed – but not haste.
“With more connected devices and data crossing an increasingly diverse network environment, the cyberattack surface grows, and new threats emerge,” said Lanowitz. “Managing cyber risk becomes more complex and costly, yet business innovation must continue.”
“Without a modern cybersecurity and compliance regimen aligned to digital transformation initiatives, healthcare providers may be exposed to new and increased threats and vulnerabilities that can put the business and patient data at risk,” she added.
To securely accomplish innovative goals, Lanowitz recommended provider organizations work with a managed security service provider (MSSP), which can serve as an advisor to ensure the enterprise is leveraging the right people, processes, and technologies.
Part of that process should also be the shift toward a zero trust mentality within the organization, also known as a principle of least privilege. In short, it’s the idea that the enterprise trusts no one person and verifies every individual with access or attempting to access the network. As entities continue to adopt new technologies, Lanowitz explained a zero trust mindset is key.
Endpoint security recommendations
The health care chief information security officer role is one of the toughest security positions, due to the complexity of the environment and the need for digital tech adoption, all while constrained by resources and regulations. The position also requires contending with data security concerns and the use of legacy infrastructure.
And in the meantime, threat actors are continuing to target providers in force, Weisman added. Most providers are “in the midst of a high stakes game of capture the flag, where the consequences can, at the extreme, mean life or death.”
“Considering the options available to cyber criminals, it’s no surprise the premium that PHI carries, and no mystery why the healthcare industry sits squarely in their sights,” said Weisman.
As data continues to move from the point of care, throughout the health network, and even out-of-network, the challenge to secure endpoints increases alongside an imperative to keep patient data secured.
The Health Insurance Portability and Accountability Act Privacy Rule requires health care covered entities to obtain satisfactory assurances from each business associate that they’re employing proper safeguards to protect the patient health information in their possession. This means providers should obtain “an attestation to its appropriateness in helping an organization maintain HIPAA compliance.”
From a policy perspective, the security leader or administrator will need to include language detailing the criticality of basic security hygiene, such as configuration or patch management. As provider organizations look to increase the connectivity of assets, basic hygiene is paramount.
To further minimize the risk, Weisman made several key recommendations for securing endpoints, which should include the implementation of endpoint protection and response tools able to “distribute autonomous intelligence at the endpoint, so that the endpoint itself becomes the point of enforcement.”
The endpoint defense and monitoring tools should also have capabilities for providing equal protection on a wide range of platforms, considering the diversity of tech within the health care environment.
“Modern malware and fileless attacks spread quickly, we can no longer afford to wait on a network connection or human intervention. Seconds count,” he added.
Further, entities may want to consider combining artificial intelligence and automation tools that monitor endpoints on both the user and server sides, whether physical or virtual, remote or on-site, as well as any other access points.
The tools should be able to seek “aberrant behavior and stop the activity before damage and loss occurs. Then, automated correlation of the attack’s events should simplify and accelerate triage, so that analysts can quickly respond,” said Weisman.
“Rogue devices on your network can become a forward base of operations for attackers as they conduct reconnaissance and move laterally across your network,” he continued. “Automated visibility and deployment are also critical.”
Existing managed endpoints should also be configured to automatically monitor network traffic and isolate threats without the need to manage additional hardware or software. In short, a security leader should ideally be able to manage endpoint protection and response tools from a single multi-cloud console.
The system will need a mechanism that can quickly and easily deploy protections when these tools locate an unmanaged device. Weisman explained that “ideally, this can be accomplished in a streamlined manner with the infrastructure already in place. For example, the solution that found the device also performs the deployment.”
“Since 5G is bringing high speed connections to devices and networks that otherwise may not have been routable, it is paramount to ensure your deployed solution has critical capabilities,” he added.
As always, health care providers should work alongside trusted advisers to ensure they’re employing the right measures to safeguard digital assets, which will enable expedient responses to security events, explained Lanowitz. These partners can also drive efficiencies for security operations.