Skip to content

Posts tagged ‘endpoint security’

5 Strategies Healthcare Providers Are Using To Secure Networks

5 Strategies Healthcare Providers Are Using To Secure Networks

  • Healthcare records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record.
  • The growing, profitable market for Protected Health Information (PHI) is attracting sophisticated cybercriminal syndicates, several of which are state-sponsored.
  •  Medical fraud is slower to detect and notify, unlike financial fraud (ex. stolen credit cards), contributing to its popularity with cybercriminals globally.
  • Cybercriminals prefer PHI data because it’s easy to sell and contains information that is harder to cancel or secure once stolen. Examples include insurance policy numbers, medical diagnoses, Social Security Numbers (SSNs), credit card, checking and savings account numbers.

These and many other insights into why healthcare provider networks are facing a cybersecurity crisis are from the recently declassified U.S. Department of Health & Human Services HC3 Intelligence Briefing Update Dark Web PHI (Protected Health Information) Marketplace presented April 11th of this year. You can download a copy of the slides here (PDF, 13 pp, no opt-in). The briefing provides a glimpse into how the dark web values the “freshness’ of healthcare data and the ease of obtaining elderly patient records, skewing stolen identities to children, and elderly patients. Protenus found that the single largest healthcare breach this year involves 20 million patent records stolen from a medical collections agency. The breach was discovered after the records were found for sale on the dark web. Please see their 2019 Mid-Year Breach Barometer Report (opt-in required) for an analysis of 240 of the reported 285 breach incidents affecting 31,611,235 patient records in the first six months of this year. Cybercriminals capitalize on medical records to drive one or more of the following strategies as defined by the HC3 Intelligence Briefing:

Stopping A Breach Can Avert A HIPAA Meltdown

To stay in business, healthcare providers need to stay in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA provides data privacy and security provisions for safeguarding medical information. Staying in compliance with HIPAA can be a challenge given how mobile healthcare provider workforces are, and the variety of mobile devices they use to complete tasks today. 33% of healthcare employees are working outside of the office at least once a week. And with government incentives for decentralized care expected to expand mobile workforces industry-wide, this figure is expected to increase significantly. Health & Human Services provides a Breach Portal that lists all cases under investigation today. The Portal reflects the severity of healthcare providers’ cybersecurity crisis. Over 39 million medical records have been compromised this year alone, according to HHS’ records from over 340 different healthcare providers. Factoring in the costs of HIPAA fines that can range from $25,000 to $15.M per year, it’s clear that healthcare providers need to have endpoint security on their roadmaps now to avert the high costs of HIPAA non-compliance fines.

Securing endpoints across their healthcare provider networks is one of the most challenging ongoing initiatives any Chief Information Security Officer (CISO) for a healthcare provider has today. 39% of healthcare security incidents are caused by stolen or misplaced endpoints. CISOs are balancing the need their workforces have for greater device agility with the need for stronger endpoint security. CISOs are solving this paradox by taking an adaptive approach to endpoint security that capitalizes on strong asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what are consuming network bandwidth is an IT management problem, but it’s a security outcome “, said Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software.

5 Strategies for Healthcare Providers Are Using To Secure Networks

Thwarting breaches to protect patients’ valuable personal health information starts with an adaptive, strong endpoint strategy. The following are five proven strategies for protecting endpoints, assuring HIPAA compliance in the process:

  1. Implementing an adaptive IT asset management program delivers endpoint security at scale. Healthcare providers prioritizing IT asset management control and visibility can better protect every endpoint on their network. Advanced features including real-time asset management to locate and secure devices, geolocation fencing so devices can only be used in a specific area and device freeze options are very effective for securing endpoints. Healthcare providers are relying more and more on remote data delete as well. The purpose of this feature is to wipe lost or stolen devices within seconds.
  2.  Improve security and IT operations with faster discovery and remediation across all endpoints. Implement strategies that enable greater remediation and resilience of every endpoint. Healthcare providers are having success with this strategy, relying on IT asset management to scale remediation and resilience to every endpoint device. Absolute’s Persistence technology is a leader in this area by providing scalable, secure endpoint resiliency. Absolute also has a proven track record of providing self-healing endpoints extending their patented firmware-embedded Persistence technology that can self-heal applications on compatible endpoint devices.
  3. Design in HIPAA & HITECH compliance and reporting to each endpoint from the first pilot. Any endpoint security strategy needs to build in ongoing compliance checks and automated reports that are audit-ready. It also needs to be able to probe for violations across all endpoints. Advanced endpoint security platforms are capable of validating patient data integrity with self-healing endpoint security. All of these factors add up to reduce time to prepare audits with ongoing compliance checks across your endpoint population.
  4. A layered security strategy that includes real-time endpoint orchestration needs to anchor any healthcare network merger or acquisition, ensuring patient data continues to be protected. Private Equity (PE) firms continue acquiring providers to create healthcare networks that open up new markets. The best breach prevention, especially in merged or acquired healthcare networks, is a comprehensive layered defense strategy that spans endpoints and networks. If one of the layers fails, there are other layers in place to ensure your organization remains protected. Healthcare providers’ success with layered security models is predicated on how successful they are achieving endpoint resiliency. Absolute’s technology is embedded in the core of laptops and other devices at the factory. Once activated, it provides healthcare providers with a reliable two-way connection so they can manage mobility, investigate potential threats, and take action if a security incident occurs.
  5. Endpoint security needs to be tamper-proof at the operating system level on the device yet still provides IT and cybersecurity teams with device visibility and access to modify protections. Healthcare providers need an endpoint visibility and control platform that provides a persistent, self-healing connection between IT, security teams, and every device, whether it is active on the network or not. Every identity is a new security perimeter. Healthcare providers’ endpoint platforms need to be able to secure all devices across different platforms, automate endpoint hygiene, speed incident detection, remediation, and reduce IT asset loss by being able to self-diagnose and repair endpoint devices on real-time.

5 Key Insights From Absolute’s 2019 Endpoint Security Trends Report

  • Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
  • 70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.

To better understand the challenges organizations have securing the proliferating number and type of endpoints, Absolute launched and published their 2019 Endpoint Security Trends Report. You can get a copy of the report here. Their findings and conclusions are noteworthy to every organization who is planning and implementing a cybersecurity strategy. Data gathered from over 1B change events on over 6M devices is the basis of the multi-phased methodology. The devices represent data from 12,000 anonymized organizations across North America and Europe. Each device had Absolute’s Endpoint Resilience platform activated. The second phase of the study is based on exploratory interviews with senior executives from Fortune 500 organizations. For additional details on the methodology, please see page 12 of the study.

Key insights from the report include the following:

  1. Increasing security spending on protecting endpoints doesn’t increase an organizations’ safety and in certain cases, reduces it. Organizations are spending more on cybersecurity than ever before, yet they aren’t achieving greater levels of safety and security. Gartner’s latest forecast of global information security and risk management spending is forecast to reach $174.5B in 2022, attaining a five-year Compound Annual Growth Rate (CAGR) of 9.2%. Improving endpoint controls is one of the highest-priority investments driving increased spending. Over 70% of all breaches are still originating at endpoints, despite millions of dollars spent by organizations every year. It’s possible to overspend on endpoint security and reduce its effectiveness, which is a key finding of the study. IBM Security’s most recent Cost of a Data Breach Report 2019 found that the average cost of a data breach in the U.S. grew from $3.54M in 2006 to $8.19M in 2019, a 130% increase in 14 years.
  2. The more complex and layered the endpoint protection, the greater the risk of a breach. One of the fascinating findings from the study is how the greater the number of agents a given endpoint has, the higher the probability it’s going to be breached. Absolute found that a typical device has ten or more endpoint security agents installed, each conflicting with the other. MITRE’S Cybersecurity research practice found there are on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone. Enterprises are using a diverse array of endpoint agents, including encryption, AV/AM, and Endpoint Detection and Response (EDR). The wide array of endpoint solutions make it nearly impossible to standardize a specific test to ensure security and safety without sacrificing speed. Absolute found organizations are validating their endpoint configurations using live deployments that often break and take valuable time to troubleshoot. The following graphic from the study illustrates how endpoint security is driving risk:

  1. Endpoint security controls and their associated agents degrade and lose effectiveness over time. Over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. They’re most commonly disabled by users, malfunction or have error conditions or have never been installed correctly in the first place. Absolute found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experiencing encryption failures within one year. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than avert them:

  1. One in five endpoint agents will fail every month, jeopardizing the security and safety of IT infrastructure while prolonging security exposures. Absolute found that 19% of endpoints of a typical IT network require at least one client or patch management repair monthly. The patch and client management agents often require repairs as well. 75% of IT teams reported at least two repair events, and 50% reported three or more repair events. Additionally, 5% could be considered inoperable, with 80 or more repair events in the same one-month. Absolute also looked at the impact of families of applications to see how they affected the vulnerability of endpoints and discovered another reason why endpoint security is so difficult to attain with multiple agents. The 20 most common client applications published over 5,000 vulnerabilities in 2018. If every device had only the top ten applications (half), that could result in as many as 55 vulnerabilities per device just from those top ten apps, including browsers, OSs, and publishing tools. The following graphic summarizes the rates of failure for Client/Patch Management Agent Health:

  1. Activating security at the device level creates a persistent connection to every endpoint in a fleet, enabling greater resilience organization-wide. By having a persistent, unbreakable connection to data and devices, organizations can achieve greater visibility and control over every endpoint. Organizations choosing this approach to endpoint security are unlocking the value of their existing hardware and network investments. Most important, they attain resilience across their networks. When an enterprise network has persistence designed to the device level, there’s a constant, unbreakable connection to data and devices that identifies and thwarts breach attempts in real-time.

Bottom Line:  Identifying and thwarting breaches needs to start at the device level by relying on secured, persistent connections that enable endpoints to better detecting vulnerabilities, defending endpoints, and achieve greater resilience overall.

%d bloggers like this: