A Smarter Anti-hacker Defense

Brian Selfridge walked into a hospital owned by a midsize health system in the Northeast, sat down in a conference room and plugged into a wired internet connection. After about an hour, he found a database on the hospital’s network that was secured with a default password, which he used to gain access to a server, from which he extracted the passwords of anyone who had logged into that machine.

Selfridge created his own account in the system and used other accounts to do the same thing on other machines on the server. Eventually, he discovered an account with administrative permissions, which he used to create an additional administrative account. That allowed him to download the password of every user in the hospital’s network. After five hours of hacking he’d hit the jackpot: He had access to employee and patient information, emails, billing records and other sensitive information used to run the hospital.

Thankfully for his victim, Selfridge hacks for good. He’s a partner at Meditology, a cybersecurity consulting firm for providers and payers. A bad actor could have done everything he did, he said. The hospital’s IT staff weren’t warned he would be coming, and the open environments of hospitals make it possible for anyone to walk in and use their wireless networks, or even wired connections.

Consultant Brian Selfridge helps healthcare providers and payers protect their networks from hackers. He is telling them to invest in emerging technologies that use algorithms to detect suspicious activity. Photo by Steven Kasich

While Selfridge initially used a wired connection and later switched to wireless, he says he could have done the whole operation on Wi-Fi, which means he could have accomplished his mission in a public area like a cafeteria, where he’d likely go unnoticed.

Here’s the good news. At any point during his mission, advanced cybersecurity tools could have detected his unusual behavior, Selfridge said. Smart software would have noticed that it’s unusual for a foreign computer to create new accounts, or that someone had logged in using a compromised account. Some component of cyberdefense should have especially taken notice when Selfridge and his team were able to make such a high-level account that allowed them full access.

“Something should have alerted them in big red letters that we made an administrator’s account and downloaded all of the passwords,” Selfridge said.
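The alerts Selfridge describes can be written as simple rules over account-audit events. The following is an added example, not part of the original article or any vendor's product; the JSON log schema, host inventory, group names and one-hour window are assumptions, and the sample events are constructed.

```python
import json
from datetime import datetime, timedelta

# Assumptions (all hypothetical): an asset inventory of managed hosts, the
# names of privileged groups, and a simplified JSON audit-log schema.
MANAGED_HOSTS = {"it-admin-01", "dc-01", "hr-ws-014"}
ADMIN_GROUPS = {"Domain Admins", "Administrators"}
FRESH_WINDOW = timedelta(hours=1)

# Constructed sample events, not taken from any real system.
SAMPLE_LOG = """\
{"time": "2017-03-01T09:15:00", "action": "account_created", "actor": "helpdesk1", "target": "jdoe", "src": "it-admin-01"}
{"time": "2017-03-01T10:02:00", "action": "account_created", "actor": "svc_db", "target": "tmp_acct", "src": "conf-room-7"}
{"time": "2017-03-01T13:40:00", "action": "account_created", "actor": "adm_smith", "target": "adm_backup2", "src": "conf-room-7"}
{"time": "2017-03-01T13:42:00", "action": "group_member_added", "actor": "adm_smith", "target": "adm_backup2", "group": "Domain Admins", "src": "conf-room-7"}
{"time": "2017-03-01T14:00:00", "action": "group_member_added", "actor": "it_lead", "target": "old_admin", "group": "Domain Admins", "src": "it-admin-01"}
"""

def detect(log_text):
    """Return (severity, reason, account) alerts for the audit log text."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for ev in events:
        ev["time"] = datetime.fromisoformat(ev["time"])
    events.sort(key=lambda ev: ev["time"])
    created_at = {}  # account name -> time it was created
    alerts = []
    for ev in events:
        unmanaged = ev["src"] not in MANAGED_HOSTS
        if ev["action"] == "account_created":
            created_at[ev["target"]] = ev["time"]
            if unmanaged:
                alerts.append(("HIGH", "account created from unmanaged host", ev["target"]))
        elif ev["action"] == "group_member_added" and ev.get("group") in ADMIN_GROUPS:
            born = created_at.get(ev["target"])
            fresh = born is not None and ev["time"] - born <= FRESH_WINDOW
            # Escalate when the grant comes from an unknown machine or lands
            # on an account that did not exist an hour ago.
            if unmanaged or fresh:
                reason = "admin rights granted " + (
                    "from unmanaged host" if unmanaged else "to newly created account")
                alerts.append(("CRITICAL", reason, ev["target"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

Routine activity from managed hosts (the help-desk account creation and the grant to a long-standing administrator) produces no alert, which keeps the rule usable for a small security team.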

Cybersecurity platforms that employ advanced technologies like artificial intelligence, machine learning and predictive analytics are being marketed to providers, who have lagged behind other industries in protecting critical data. If deployed correctly, the technology has significant potential to help healthcare cybersecurity leaders, who are overwhelmed by cybersecurity threats but unable to hire enough staffers to adequately respond, healthcare cybersecurity experts say.

Cyberattacks have steadily increased in the past few years, with HHS reporting 106 hacking incidents in 2016, nearly double the year before and over 20 times more attacks than were discovered in 2010. Hackers are hungry for personal information like addresses, Social Security numbers and credit card numbers. They also want medical records, which are immensely valuable because they allow identity thieves to create a more convincing profile of a stolen identity.

Providers spend millions of dollars on cybersecurity products and labor each year. Many are now hoping that intelligent cybersecurity tools, if developed and implemented correctly, will allow their staff to protect their networks more efficiently and thoroughly.

“They are a response to the sheer volume of attacks,” said Phyllis Teater, chief information officer at the Ohio State University Wexner Medical Center. “There are huge volumes every day of various attempts to penetrate our organization. You can’t hire enough people to look at all the attempts.”

Protective technologies entering the market work through algorithms. Artificial intelligence generally refers to the ability of computers to perform tasks that normally require human intelligence, often involving the autonomous use of algorithms by a computer to analyze activity. Predictive analytics software feeds available data through algorithms and modeling to make predictions about what may occur to a network. Machine learning is the ability of computers to improve their analytical accuracy and capabilities by learning from data and activity.

Vendors like Armonk, N.Y.-based IBM Corp. and Moscow-based Kaspersky Lab are harnessing these technologies to create cybersecurity platforms that make sense of unusual activities, bring them to the attention of cybersecurity professionals and help them triage the threats. Some systems can be programmed to automatically block those threats.

Kaspersky Lab is a popular, global cybersecurity vendor that was founded by CEO Eugene Kaspersky in 1997, and its Woburn, Mass.-based North American business was founded in 2004. Kaspersky is a former software engineer for the Russian military and studied at the Institute of Cryptography, Telecommunications and Computer Science, which is sponsored by the Russian government’s intelligence service. The company, which is operated by a holding company in the U.K., has been accused of having close ties to the Russian government.

Because initial defenses like firewalls and antivirus or malware software are sometimes deceived or bypassed by hackers, leaders at IBM and Kaspersky say it’s crucial that providers have tools that can alert them to the activity of malicious actors who may have broken through their defenses.

The algorithms in the systems are designed to notice anomalies that signal infiltrations such as ransomware attacks—when hackers break into a network and encrypt an organization’s files, demanding ransom in exchange for a decryption key.

Ransomware attacks are on the rise and are becoming a front-burner concern at healthcare organizations. In one high-profile case, a Southern California hospital paid $17,000 in bitcoins to get its data back. London-based Beazley, which offers cybersecurity insurance and breach response services, says it handled 88 ransomware incidents at healthcare organizations in 2016, more than seven times the number it handled the year before. Healthcare organizations represented more than 40% of the 203 ransomware incidents Beazley handled across all industries in 2016. Not all of those incidents required HHS notification.

Software like Kaspersky’s relies on threat-intelligence data such as hackers’ known IP addresses to monitor for suspicious activity. IBM wants to take that a step further. The computer giant is hoping to harness the power of its Watson cognitive computing platform to not only compile structured data like those IP addresses but also to parse blog posts, research papers and other natural-language documents for information about potential threats.

For example, Watson can understand details in a report issued by a manufacturer or the FDA when a web-connected device is found to be vulnerable to attacks. It’s not only extracting statistics embedded in these documents but also interpreting the prose written by humans that offers anecdotal details of weaknesses or hacker activity. By combining this evidence with structured data sets from cyberintelligence services, Watson is expected to be able to notice patterns and other insights.

IBM hopes Watson will build a knowledge base that not only informs cybersecurity professionals but also feeds up-to-date information to software about potential threats that should be monitored. The product is in beta at organizations in various industries, including the University of Rochester (N.Y.) Medical Center.

IBM has been pushing Watson in the healthcare space for several years, making several major acquisitions with the aim of using Watson to support clinical decisionmaking and help providers derive insights from population health data. The company has also deployed Watson for supply chain management through a joint venture with UPMC.

Cybersecurity professionals read countless reports on risks as a part of their day-to-day activities, but there’s far too much information to take in, said Diana Kelley, executive security adviser at IBM. Eighty percent of security intelligence is described in natural language, according to IBM. The company estimates that each month brings more than 75,000 documented software vulnerability reports, 10,000 security research papers and 60,000 security blogs. “It’s about them being able to understand the data more quickly,” Kelley said.

Cognitive computing could help fill in the gaps in a healthcare cybersecurity workforce that is notoriously understaffed, in part because professionals are paid significantly less than their counterparts in industries like retail and finance. Most hospitals and medical groups simply don’t have the budget to compete with other industries for the talent.

With most current systems, a human still needs to evaluate whether an alert requires action and then decide what action to take, said Tareva Palmer, chief information security officer at WVU Medicine, the Morgantown, W.Va.-based health system affiliated with West Virginia University. But these technologies could help them do their jobs better and more efficiently.

Source: Modern Healthcare
