As we head into the final days of Cybersecurity Awareness Month, one key theme has emerged in our blog series: healthcare organizations have many options available to help combat cyberattacks, and it can become daunting to select which solutions provide the best fit for your organization. It is also important to consider integrations and intelligence sharing between cybersecurity technologies or processes. You’ll often hear buzzwords like single pane of glass, dashboard, AI, and automation to describe how these products will help keep your network safe. Healthcare Vulnerability Threat Management (VTM) has matured to incorporate these solutions, but these tools need trained people and proven processes to be effective.
We’ll examine how healthcare VTM programs can mature to include Dark Web, IoMT, and other data feeds. First, let’s do a quick refresher on some of the terms you’ll come across when researching these topics. If you’re already familiar with the subject, jump to the “Context is King” section.
Vulnerability Threat Management (VTM) services allow healthcare organizations to meet or exceed the mandated regulatory requirements to identify and document reasonably anticipated threats to electronic Protected Health Information (ePHI). Organizations must also identify and document vulnerabilities that, if triggered or exploited by a threat, would create a risk of inappropriate access to or disclosure of ePHI.
Dark Web monitoring searches for and keeps track of sensitive information found on a portion of the internet that is not accessible via normal means and is commonly visited by cyber threat agents. There are several layers of the internet, including the Surface Web, which most people use and which accounts for only 4% of the internet, the Deep Web (96%), and the Dark Web. The Dark Web is hidden from conventional methods, and criminals use it to monetize stolen personal information.
In an article about the Dark Web, an FBI cybersecurity specialist was quoted as saying it’s “messy, chaotic, full of scammers, dangerous minds, and even killers . . . that’s just for starters”. *Note: Fortified doesn’t recommend engaging in Dark Web research activities without proper training and technology safeguards as it can expose individuals or organizations to direct peril (cybersecurity, personal, physical, mental).
Connected Medical Devices or IoMT: legacy medical devices that were not designed to be internet-accessible are increasingly being connected to the internal network and possibly the internet, increasing security risks and vulnerability for healthcare environments. Managed Connected Medical Device Security Programs (IoT/IoMT) help organizations close those security gaps in healthcare networks by visualizing, assessing, and protecting connected IoT and medical devices.
Context is King
The goal of a cybersecurity team isn’t to deploy more tools or gather data – it’s to protect patients and their PHI and help ensure that healthcare services aren’t negatively affected. Building or outsourcing an enhanced VTM program that incorporates Dark Web, IoMT, and integrations with previously deployed solutions can not only mature your cybersecurity posture but also maximize earlier investments.
Each tool can be powerful, but they should be layered together; otherwise, alert fatigue is a typical outcome. Deploying an integration solution to get that single pane of glass is often considered the solution. But remember, it’s all about people, processes, and technology working together.
All these new tools and intelligence feeds aren’t as impactful without the right team working to contextualize them. Disparate systems have always been an issue in cybersecurity. Still, as attacks continue in healthcare, leading to a record-breaking $10M-plus cost per breach, executive leaders are looking for answers.
Enhancing your VTM program
The first step to enhancing your VTM program and cybersecurity posture is knowing where your current assets and risks reside. Next, your penetration testing and Risk Assessment programs should feed intelligence to your VTM program, and vice versa. Finally, the goal should be layers of protection, identification, and response. If one fails, multiple barriers are in place to help slow or stop an incident.
Accurate identification for endpoints, network devices, and connected medical devices should be part of cybersecurity practice. As mentioned, an integrated connected medical device program is highly advantageous and possibly required for many healthcare organizations.
Incorporating Dark Web intelligence into a VTM program can help teams be more proactive in identifying potential threats or leaked data. Teams should establish the priority goal for Dark Web intelligence and build processes to handle scenarios once something is found. Again, Dark Web intelligence can be very useful, but it requires a higher level of cybersecurity knowledge.
Finally, cybersecurity teams must plan, document, and practice their procedures. All the preparation, technology implementation, and hard work can be for naught if the team doesn’t know or follow the process during an incident. Your team may not be able, or may not want, to handle it all in-house. Many organizations turn to outside organizations to help with or take over segments of their cybersecurity programs. Supporting cybersecurity providers need to know their specific roles and be incorporated into your incident response (IR) planning.
We hope this blog has given you some interesting insights and possibly additional questions. Learn more about utilizing and integrating cybersecurity tools, intelligence, and processes by contacting us or watching one of our on-demand presentations below.
- The Many Ways to Utilize a Vulnerability Threat Management Program in Healthcare Cybersecurity
- Dark Web Services for Healthcare
- Getting the Most out of a Healthcare Penetration Test
- IR Program Maturity
- How to Build a Medical Device Security Program
To learn more about Vulnerability Threat Management, join our Webinar, Tuesday, November 29th at 2 pm CT.