It’s no secret that healthcare organizations are a prime target for cybercriminals. In fact, one only has to visit https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf to see how many of these organizations fell victim to breaches in the past two years alone. Unfortunately, no healthcare entity—whether a provider, plan, or business associate—is immune to this threat. Even when companies meet compliance requirements like HIPAA and hold certifications from bodies like HITRUST, breaches continue to occur. In this post, we will not go into the weeds of the various controls requirements, nor will we discuss the effectiveness of these compliance requirements. However, we will show you how HYAS Insight and HYAS Protect services can help keep your organization off the Office of Civil Rights (OCR) “Wall of Shame.”
Understanding the threat starts with looking at the volume and various types of breaches reported on the “Wall of Shame” webpage—which, it should be noted, does not list attacks affecting fewer than 500 patients. Roughly 72 percent of all breaches (603 of the 828 breaches listed since 2019) were listed in the “Hacking/IT Incident” category. Of these, more than half (348) involved a network server. HYAS Insight and HYAS Protect are particularly adept at handling these scenarios and can reduce the likelihood of a breach, and thus, inclusion on OCR’s site. For example, HYAS Insight aggregates and correlates information on global adversary infrastructures and identifies attack attributes. Leveraging this information, organizations have access to better threat intelligence, and by extension, improve their ability to determine what to watch for within their network environment.
When combined with other security tools (e.g., SIEM), HYAS Insight decreases incident response time by separating background noise from actual nefarious activity by bad actors. These activities can range from operating command and control (C2) systems to developing new malware that can be deployed before an organization’s SIEM or IDS/IPS signatures are even updated to protect against it. Being able to identify malicious activity, determine the potential impact on systems, and drive attribution (potentially all the way to the location where the attack originated) greatly improves response times and accuracy, reducing the likelihood of a breach occurring and minimizing its impact if one does occur.
While identifying and tracking adversary activities is an important part of a holistic cybersecurity strategy, businesses also need to implement safeguards to stop a bad actor before it's too late. A typical cyberattack kill chain involves the adversary performing some sort of reconnaissance. This could be as simple as checking for known server vulnerabilities common to many organizations (the Windows Print Spooler exploit, for instance), or something unique to an organization, like its network domains. With recon completed, the adversary then identifies a way to exploit the vulnerability they found; this is the weaponization phase. Finally, the adversary looks for a way to deliver the malicious package.
This is where HYAS Protect steps in to break the kill chain. Once deployed, Protect leverages HYAS’s global adversary dataset to block bad actors’ attempts to deliver exploit packages by identifying and correlating the adversary’s infrastructure (C2 environments) and methods (malware). In the event an exploit is already present in the environment or introduced by circumventing normal security layers (e.g., it’s brought in on a flash drive), HYAS Protect blocks communications to the C2 environments. In layman’s terms, HYAS Protect thwarts adversarial attacks by limiting the ability to deliver malicious code and blocking malware within the network from spreading. When used in combination, HYAS Insight and HYAS Protect contribute to a well-rounded defense by providing the means to identify and attribute adversarial activities, respond to potentially malicious activities, and protect against the execution of malware.
It’s true that using HYAS Insight and HYAS Protect services can help meet and manage many compliance obligations (nearly 20 percent of HITRUST/HIPAA controls can be satisfied when using HYAS Insight and HYAS Protect), but far more important is the improved network security and visibility they offer. HYAS’s services allow you to rapidly pick out potential adversarial activities (threat intelligence) from background noise (normal user behavior), decreasing response times and reducing the likelihood or severity of a breach. Add to this the ability to break the cyber kill chain in two places (malware delivery and C2 communications), and you have a security stack that goes far beyond meeting minimum requirements.
Which brings us back to the dreaded “Wall of Shame.” Two years is a long time to have a blemish on your reputation listed for all the world to see. Learn more about how you can best avoid a breach while satisfying HIPAA and HITRUST compliance requirements in our whitepaper, Taking a Risk-Based Approach to Compliance.