“Minimizing risk by increasing visibility” AI-based cyber security in the case of a US hospital

Like all medical institutions, Northfield Hospital in the United States has a major responsibility for cybersecurity. Not only do they have sensitive data, but cybersecurity issues can put patients’ lives at risk. Announced in September 2022, Proofpoint and Ponemon Institute’s According to research Patient mortality increased in more than 20% of healthcare institutions that were cyberattacked.

“If an institution is down and patients are not receiving care, treatment can be delayed and mortality rates can be high,” Northfield Hospital Security Information Officer Bern Rugid told CSO. This is especially true for stroke patients or heart attack patients, where time is of the essence. And without an automated system to transport patients and provide needed care, the risk of death could increase.”

According to Rugid, hospitals are always a target for cybercriminals, so Northfield Hospital is constantly updating its cybersecurity stack. “Let’s say you’re monitoring your heart rate during surgery. What if your heart rate monitoring device suddenly stops? It’s something that shouldn’t happen.”

ⓒGino Crescoli (CC0)

Replacing Legacy Cybersecurity Systems with ‘AI Security’

Northfield Hospital was using a traditional cybersecurity stack that included basic firewalls, intrusion prevention and detection systems, internet security gateways, and email spam and virus filtering. As AI-powered products began to emerge, the hospital turned to an AI-powered endpoint protection system, the first step on the road from cybersecurity to artificial intelligence tools.

“But there was no integration,” said Rugid. Information and device management were all siled. “It was difficult to actually get the visibility we desperately needed to see what threats were on the network and what was happening, so we started looking for tools that would give us that visibility.” “The first AI products had a narrow range of telemetry data transmitted over the network. We had to find a product that would cover the entire organization, not just the endpoint,” added Rugid.

Concerned about the risks healthcare organizations may face, and driven by growing hospital requirements, Northfield Hospital conducted a proof-of-concept with Darktrace prior to the COVID-19 crisis. Rugid noted that Darktrace was still a young company at the time, but was maturing.

“This proof-of-concept demonstrates the visibility that AI engine can provide, not only in clients, but also in users, protocols, IPs, sources, destinations, and many previously inaccessible telemetry domains. It was amazing. I needed the ability to figure out what was normal and what was abnormal.”

Another approach has been to streamline the cybersecurity stack. Northfield Hospital is shrinking its cybersecurity stack while retaining features that currently work individually, such as firewalls and internet security gateways, rather than stacking products for emergencies.

prepare for future dangers

Phishing emails are becoming more and more plausible, especially with doctors and nurses asking for help with health issues, which is a concern, said Rugid. Rugid said Darktrace helps identify and understand these issues.

Another concern is security as medical devices become increasingly software-centric. Patients and caregivers rely on medical devices available online. “Medical devices have very unique workflows that are hard to protect. You can’t turn off someone’s heart monitor to protect their devices just because a cybersecurity attack has occurred. We must continue to use the device.”

It’s even more concerning, says Rugid, that medical devices are moving out of hospital networks and into patients’ homes. This is because medical devices entering a patient’s home increase the risk and make it more difficult to protect the patient.

A recent incident at Northfield Hospital made this threat a reality. A few months ago, a hospital employee took a device home to work from home. Telemetry reports from the Darktrace C sensor installed on the computer showed that the employee’s home network was compromised by a Russia-based IP shortly after the device connected to the employee’s personal network. The security team used automation to immediately take the computer offline. “As soon as the device was connected, within a few minutes an alert went off and the device went offline,” added Rugid.

Cyber ​​security training and ongoing stack updates for employee and patient safety

“Ransomware attacks are the biggest concern,” said Rugid. “We provide annual training to all staff to deal with this problem. Training is updated with threat and event information collected throughout the year. Phishing practice is also done automatically through Darktrace.”

Phishing practice tools are important for small businesses, especially if you have a small IT team, Rugid said. In terms of technology, Rugid also said that the company plans to continue reducing the number of vendors in its cybersecurity stack, as complex environments can increase risk. He also noted that he wants to reduce the complexity of hospital defense systems and management.

“Threat actors are already targeting AI-based threats, so we need to prepare accordingly,” said Rugid. Northfield Hospital also has to manage 24 hours a day, 7 days a week with fewer resources. Northfield Hospital will continue to seek ways to further protect its most important asset: its patients. This includes placing medical devices under the protection of Darktrace.”
[email protected]

Source: ITWorld Korea by www.itworld.co.kr.

*The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!