Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

Hijacking Healthcare: Training the Treaters in Cyber Hacks

Posted by Tim O'Neill | 10/26/17 8:00 AM

There’s no denying the dire security situation healthcare organizations are currently facing. However, so much of what you read online or see in the news revolves around specific malware threats or ransomware attacks. What is often missed is the underlying problem—the human factor.

A recent Verizon cyber security report found that human error is a leading cause of cyber attacks across all industries. The healthcare industry especially must find new ways of addressing human error to avoid falling victim to the same attacks that have plagued organizations for years.

The Different Layers of Human Error in Healthcare

Human error is a broad category that is used to encompass a variety of different vulnerabilities that originate with individual employees.

Verizon’s research found that for the healthcare industry, human error boils down to three main issues—insider privilege misuse, inattentive employees, and physical loss/theft. Losing track of physical devices gives attackers the easiest entry point into healthcare organizations, but the other two forms of human error present a more challenging problem.

10 Tips For Better Cyber Security

Privilege misuse and inattentiveness lead to greater vulnerability to phishing attacks. Even as attackers developed more than 220,000 new pieces of malware daily in 1Q 2016, the most sophisticated malware is useless without the initial human compromise.

The healthcare industry faces a constant battle against phishing attacks as more attackers try to access valuable protected health information (PHI) every day for nefarious purposes.

The Current State of Phishing Attacks

The first step in mitigating the potential for human error in cyber security is to understand the phishing attacks that compromise your employees in the first place. According to a recent study from the Anti-Phishing Working Group (APWG), there was a 20% increase in the number of known phishing websites between October 2015 and March 2016. Worse yet, these websites are being used to launch increasingly dangerous threats.

There are many different types of phishing schemes, but here are a few that anyone should be familiar with—security professional or otherwise: 

  • Basic Mass-Email Campaigns: At the lowest level, attackers can send out mass emails with deceptive messages that trick users into clicking malicious links. Links are directed to seemingly legitimate sites where users type their credentials in and attackers collect them.
  • Malware Loading: This type of attack can also be launched through mass emails. However, malicious links and attachments are configured in such a way that users who click on them automatically download a piece of malware onto their machines. Similarly, an advanced keylogger can be deployed in this way to track specific activities.
  • Targeted Spear-Phishing: Rather than launching a mass-email campaign, attackers can pick a certain vulnerable or high-profile employee at your organization and tailor a phishing email just for them.

Regardless of the specific type of phishing scheme, Verizon found that users across all industries open malicious emails approximately 30% of the time. Unfortunately, it only takes one of your employees to open one of these emails to compromise your whole network.

If your employees are willingly (but unknowingly) giving attackers access to your electronic health record systems, there aren’t many cyber security solutions that can help you. This is why you have to mitigate human error at the source. 

How to Address Cyber Security Human Error to Avoid Costly Attacks 

It seems like cyber security experts have been talking about the same need for employee training for years. However, Patricia Skarulis, Senior Vice President and Chief Information Officer at Memorial Sloan Kettering Cancer Center, has some recent advice for healthcare companies looking to address human error:

  • Internal Phishing Attack Tests: Skarulis believes healthcare companies should intermittently test their employees with fake phishing attacks. These tests would offer insight into your staff’s ability to spot a malicious email.
  • Online Course Training: You could set up your internal testing to direct employees to online courses that address the specific attack they fell victim to.
  • Technical Preparation: Training is of the utmost importance, but that doesn’t mean there aren’t any technical solutions to phishing schemes. Two-factor authentication and abundant malware detection/prevention tools can help you ward off potential threats—even when your employees make an inevitable mistake.

Ongoing employee training should be top-of-mind for any security leader, but you can’t entirely rely on this for protecting your electronic health records. Attacks happen fast (just look at what happened at the Wyoming Medical Center, where human error allowed attackers to access more than 3,000 records in just 15 minutes). Having the right in-line security appliances and out-of-band monitoring tools in place is equally necessary.

Healthcare organizations need to keep up with the evolving cyber security landscape—but that means deploying a complex stack of appliances and software solutions. 


 

Topics: Network Security, Hacks and Data Breaches, Healthcare

Written by Tim O'Neill

As the Senior Technology Consultant & Chief Editor at LoveMyTool, Tim O’Neill has over 45 years of technology experience at data/voice and video networking analysis companies, including successful senior roles in Sales, Product Design, Marketing Management, Business Development and Security.