Could you tell our readership a little about yourself and your organization?
I’ve been in the security and tech space for a long time, over 25 years. We provide cybersecurity services that protect customers from complex threats, whether it’s email attacks or attacks on data infrastructure. We also have an XDR platform that we manage for our customers, protecting them from all types of attacks when it comes to infrastructure protection.
How can hospitals stay ahead of cyber threats?
Ransomware continues to be a lucrative operation. The speed at which they’re executing this is also exponentially growing. Healthcare needs to focus on a layered defense approach. Looking at fundamentals is so important; making sure there’s MFA (multi-factor authentication) enabled, regular patching being implemented, securing data by having offline backups, having an advanced email security product in place, and 24/7 monitoring is imperative. As a lot of these hospitals and organizations operate 24/7 by providing critical care to patients, attackers know healthcare systems are always up and running, and they want to take advantage of that as well.
Do you think that health systems are particularly vulnerable?
Yeah, definitely. Cyber criminals know that the healthcare sector is definitely vulnerable because of the sensitivity of the data that they have when it comes to patient data. They know that critical life systems and the environment depend on the infrastructure, making downtime basically unacceptable. Ransomware payments are more likely if a ransomware attack hits a healthcare organization because of the criticality of bringing systems back online for the care that they’re providing.
From the budget perspective, it’s definitely challenged throughout the industry. It’s not just about getting the best of the breed tools that are out there, but how do they cohesively talk to each other?
The report states that paying the ransom doesn’t guarantee the recovery of systems and data. Could you talk to that point?
Whenever you’re giving a payment to a ransomware criminal organization, they might give you the keys, but they might not, or exfiltrate the data out. That’s one of the tactics we’ve seen all the time. They not only encrypt, but before they do the encryption, they remove the data. They have the data in their possession. When you talk about full recovery, you might be able to recover your systems, but the data has been lost. So even paying the ransomware kind of leaves you in a predicament where the data that you’re supposed to secure for all your patients is ultimately lost, or out there on the dark web. It poses an immense challenge to organizations.
Continuous learning is so important. Proactively identifying this and seeing how quickly we can respond to these attacks, so we don’t get into the predicament that we have to pay for these events, is key. Having that advanced email protection in place beforehand will stop any type of malware coming in. Having an AI-driven, machine learning-driven endpoint protection in place. Those are the key measures you want to get into before even starting to think about the need to pay for ransom.
The reactive approach is no longer working. I think the proactive approach needs to be adopted so you’re safeguarding, and at the same time, healthcare teams and security teams need to do tabletop exercises. They need to test out their incident response plans to be equipped when something does happen, so that they are prepared to handle such incidents and partner with many of the providers that are out there, including Barracuda, which does this as well.
The report states that some organizations have been repeat victims. Could you speak to that?
I think it’s two parts. One is the fragmented security sprawl that’s out there. You have distributed systems. I still see organizations that have the best of the breed tools, but they’re so strapped when it comes to their internal resources to manage those properly. For example, a lot of organizations think IT teams are doing security. IT teams are doing the administration, upkeep, and maintenance of the system’s security on their own. They need to recognize that these are two individual pillars. Yes, they cohesively interact, they cohesively talk, but it’s two different disciplines that are out there. I think that security sprawl and visibility across all the tech stacks, making sure they’re configured properly, and they’re doing what they’re supposed to, is key.
The second thing is understanding that you need to make sure that there are enough resources and funding for the security space within healthcare. If not, how can we augment it by utilizing various partners to add security services and bolt-on services like XDR and email security onto your platform so you’re better prepared? It’s almost like an extension of their teams that they’re adding on. I think those are the two things I would recommend.
How can AI be beneficial in combating cybercrime?
Attackers are already using multiple AI tools to conduct ransomware attacks. We’ve seen an increase of about 214 percent in new AI chatbots that attackers are using. How do we use AI to leverage that toward those attacks to be able to detect those attacks faster, by analyzing, by doing threat hunting, by conducting research on different types of malware, and coming to an outcome and result at the same time? A lot of these AI agents have the capability to do automated mediation. Without any human intervention, you’re able to thwart these attacks in real time.
What are some other strategies specifically for the healthcare field?
I think preparation is key. Understanding and living that mindset means always being prepared for every situation that happens. Identifying the key players within my organization who play a key role during an incident response process. Who are the stakeholders who own the most critical systems within my organization, and what happens if attacks occur? How can we get this team together as quickly as possible and get to containment, eradication, and recovery in a very fast-paced manner? I think that is one of the things that I definitely hope organizations are thinking about.
What do you foresee for the future?
We are in a huge digital transformation. The AI change that is happening is…like electricity. I think it is going to have an immense impact on the scale of the attacks. The barrier to entry now is so low that there are uncensored models that are able to create malware at a speed that we’ve never seen before. You don’t need to be a security expert to build this stuff. And this is exponentially going to increase the attack surface and the number of attacks that are happening against infrastructure. I think it’s important for healthcare organizations to define their internal AI strategy, including what data to share with AI systems. How is it being shared? How is it being used? At the same time, how can we leverage AI within our organizations, or partner with other security providers that are leading in the AI space, to protect against the attacks?
Do you believe the government has a place to add more regulations?
I do believe there’s definitely some governance that will be good. Some of that is happening. About 40 scientists… released a report saying that they are coming close to basically losing control of models. That’s concerning, because if they lose control, what happens? Where does it go? Where does it lead to? In the cases that they talked about, the AI models are so outcome-focused, or so focused on getting you to the answer, that the guardrails that they put around some of the models are being bypassed. These models are writing this code in math and equations that can’t be deciphered by the developers who wrote it.
It is definitely a new realm that we have embarked on. This is really useful for government agencies to curtail and have a plan around how to proceed with AI, including what safeguard measures are needed. It obviously has a huge positive impact on the world as well, and there are challenges when it comes to security. I think it’d be really helpful for regulatory bodies to step in and put an initiative on AI as well.
Any last words of advice?
Especially when it comes to healthcare, we should recognize that everyone, including individuals within health organizations, is a prime target. Cyber criminals do a lot of reconnaissance on leaders within the organizations when they talk about spear phishing tactics. They find out who works in the healthcare billing department and in specific areas of the organization. They then try to do phishing attacks against those individuals, knowing they are the ones dealing with the funds. If they could interject and do a payment, whether it be a transfer or some sort of malicious invoice, or some interaction…they are going to get a successful outcome. I think being vigilant, learning and educating, training your users, is still an important factor against cyber-attacks.