Healthcare News & Insights

MDR is essential to reducing COVID-19 cybersecurity risk

Among the many new vulnerabilities exposed by the global pandemic, none is more troublesome to healthcare IT than cybersecurity. Today, everything from insurance and personal information to intellectual property rights are at risk of criminal intrusion.

And the threats are only increasing with the Department of Health and Human Services reporting 132 breaches between February and May this year, up 50% compared to last year.

While geopolitical or even cyberterrorism were once feared as motives for healthcare data attacks, COVID-19 threat actors have a more straightforward goal: cash. Whether data is sold on the black market or exploited via fraud or outright theft, billions can be made on pilfered medical information. The situation has been exacerbated during the pandemic as healthcare organizations struggle to adapt. As more employees work from home, more gaps in the security infrastructure appear.

Healthcare IT teams need all the help they can get to compensate for the weak spots COVID-19 is indirectly creating – and for many organizations, Managed Detection and Response (MDR) could be the answer. MDR platforms can be the “hunt and kill” option that ensures visibility, proactive vulnerability closure and, in case of attack, quick remediation.

Three-way protection

Obtained through a SaaS offering, MDR not only spins up quickly, but also provides immediate relief for IT staffs straining to maintain an effective monitoring/detection posture. It also provides consistency. Security staffs often deal with high turnover rates – but as an external MDR provider becomes well versed with a healthcare organization’s environment, the resulting knowledge provides continuity that transcends staff churn.

MDR covers the three primary objectives of threat security. First, it provides visibility. You can’t stop anything you can’t see, and MDR can identify threats by pulling rich data from existing controls in the organization’s security posture. Once it collects the necessary information from end points, IPSs, firewalls, servers, active directory logs and the like, it correlates that data and bubbles up questionable events, in an actionable format, that need quick attention.

Second, an MDR capability provides thorough vulnerability assessments. It looks proactively at servers and other essential network elements for the “open doors” criminals covet, closing them with necessary patches. Third, it provides remediation. Most MDR platforms have technology that not only coordinates with endpoint protection to isolate and contain emerging threats, but also identifies other infrastructure that may have been compromised.

Modern MDR platforms go even further through SOAR (security orchestration, automation and response) capabilities. Using AI and machine learning, the best MDR systems learn from the security datasets they survey. They enable organizations to see threat triggers, such as applications used to gather credentials, from the outset. Even if some level of AI is available to IT internally, an outside MDR capability with machine learning will fill open gaps and provide increased perspective.

MDR platforms are flexible enough to accommodate healthcare organizations large and small, as well as those with specific needs. Most larger hospitals, for example, will have mature security resources but may be looking to augment some of their existing technologies. Smaller organizations – local hospitals, clinics and the like – may be looking for sophisticated network protection at a reasonable cost. MDR is a flexible option that can be tailored to fit the needs of the network.

Vital for any organization

Yet it’s important to note that MDR is not a cure-all. Security for remote connectivity traditionally has been based on IP addresses; newer secure remote access models go further by identifying the user, which helps ensure that workers only access the data they’re authorized for. Similarly, mobile device management adds protection by enacting strategies such as locking down USB ports on laptops when they’re outside the work environment, so patient records and other valuable data can’t be offloaded.

The best place to start any security infrastructure discussion is with a technical assessment. Many organizations have collected dozens of security tools over time. A thorough inventory and risk assessment will determine where gaps exist and where new solutions can provide maximum value.

As IT tackles the challenges of a changing workforce, rapidly evolving technology and unprecedented threat profiles, MDR is an important consideration. Security teams don’t have the luxury of looking at an intrusion monitor all day, every day – yet threat actors love loopholes. MDR can be a far more cost-effective and, over the long haul, more efficient alternative. It reduces threat dwell time, filters out data noise, reduces false positives, and enables security teams to focus on technologies and challenges specific to their roles.

It’s no longer a matter of if a security breach is going to happen – it’s when. The answer is to have the ability to proactively detect and remediate sophisticated cyberattacks on a 24/7/365 basis. That’s what MDR does, and why it needs to be a part of every healthcare organization’s arsenal.

Author: Jim Bowers is security architect for TBI, a Chicago-based telecommunications master agent.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

css.php