Healthcare facilities are under siege, not from outbreaks of infectious diseases but from cyber criminals who want to access electronic health records (EHR) and other sensitive data.
Patient Data Breaches: As Serious as a Heart Attack
In February 2015, health insurance titan Anthem disclosed that it had fallen victim to what would turn out to be the largest healthcare data breach in history.
Names, birth dates, home addresses, Social Security numbers, employment history, and other sensitive personal information belonging to nearly 80 million current and former members and employees, including Anthem’s own CEO, were compromised.
Although the hackers were never officially identified, Anthem did discover how they accessed the system: using stolen login credentials.
It was revealed that five Anthem IT workers had their credentials compromised, possibly through email phishing. Using a system administrator’s credentials, the attackers were able to run database queries and upload the stolen data to an outside cloud service.
To make matters worse, the attackers were in the systems for many months before being discovered. The unauthorized database queries began on December 10, 2014 – perhaps even earlier – and continued off and on until the end of January 2015, when a system administrator finally noticed that someone else was using his login credentials.
A year later, the fallout from the Anthem breach continues; a class action lawsuit is pending, accusing the company of inadequate cyber security protections.
Cyber security experts point to the Anthem breach as a case study in the importance of monitoring system activity.
For months, no one noticed that the stolen credentials were being used in a highly unusual manner, and if the affected system administrator hadn’t stumbled across the problem, the hackers might have remained in the system even longer and stolen even more data.
Why is Healthcare Being Targeted?
When asked why he robbed banks, Willie Sutton quipped, “because that is where the money is.” Hospitals, clinics, insurance companies and healthcare organizations are the target today for numerous reasons:
The Virtual “Intelligent Eye”: The Vaccine for PHI Data Breaches
Cyber security experts are emphasizing the importance of instilling a culture of security awareness within the healthcare industry, to include more comprehensive and frequent employee training. There must be a shift in mindset from “that’s not my job” to “information security is everyone’s responsibility.” Certainly it is important for healthcare facilities – and all other organizations – to begin taking information security and privacy seriously.
However, procedural changes alone are not sufficient to defend against cyber security attacks from outside criminal hackers; mistakes will always happen, and malicious insiders who purposefully violate privacy & procedures will always exist.
It is not reasonable to expect that a breach attempt will never happen
95% of security breaches are the result of criminal hackers or rogue employees misusing legitimate user access credentials. Therefore, User Behavior Analysis (UBA) to authenticate normal, day-to-day human usage and access patterns is among the best new concepts to provide a new, additional defense layer against cyber security threats, data breaches & privacy violations.
This is the process of monitoring and surveilling all user activity within a system, learning normal, authorized usage patterns and day-to-day habits to establish baselines, and then quickly detecting, recognizing and responding to activity that deviates from the norm – which could indicate a possible breach.
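The baseline-and-deviation process described above, sketched as an added example that is not from the original page or from any vendor's product. The credential name, host names, record layout and thresholds are constructed assumptions; a real deployment would read these fields from database or application audit logs.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records: (credential, hour_of_day, source_host, rows_returned)
HISTORY = [
    ("dba_admin", 9, "ws-114", 120), ("dba_admin", 10, "ws-114", 95),
    ("dba_admin", 14, "ws-114", 210), ("dba_admin", 16, "ws-114", 150),
    ("dba_admin", 11, "ws-114", 180), ("dba_admin", 15, "ws-114", 130),
]

def build_baseline(history):
    """Learn, per credential, the usual hours, source hosts and result sizes."""
    grouped = defaultdict(list)
    for cred, hour, host, rows in history:
        grouped[cred].append((hour, host, rows))
    baseline = {}
    for cred, evts in grouped.items():
        rows = [r for _, _, r in evts]
        baseline[cred] = {
            "hours": {h for h, _, _ in evts},
            "hosts": {s for _, s, _ in evts},
            "rows_mean": mean(rows),
            "rows_std": pstdev(rows) or 1.0,  # avoid dividing by zero
        }
    return baseline

def deviations(event, baseline, z_limit=3.0, hour_slack=1):
    """Return the reasons an event departs from its credential's baseline."""
    cred, hour, host, rows = event
    prof = baseline.get(cred)
    if prof is None:
        return ["no baseline for credential"]
    reasons = []
    # Circular distance on a 24-hour clock, so 23:00 and 00:00 are neighbours.
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack
           for h in prof["hours"]):
        reasons.append("unusual hour")
    if host not in prof["hosts"]:
        reasons.append("new source host")
    z = (rows - prof["rows_mean"]) / prof["rows_std"]
    if z > z_limit:
        reasons.append("result size %.1f std above mean" % z)
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    # Constructed event: same credential, 02:00, unseen host, bulk query.
    print(deviations(("dba_admin", 2, "vpn-ext-7", 50000), base))
```

Valid credentials pass authentication in every case here; only the comparison against the learned profile separates routine use from the overnight bulk query.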
Behavior analysis may have been able to prevent the Anthem attack by recognizing that someone was using legitimate credentials in an unusual manner. However, behavior analysis has proven to be very difficult, quite expensive, and not entirely effective – until now.
Ambient Cognitive Cyber Surveillance™
Enter Intruno’s Ambient Cognitive Cyber Surveillance (ACCS), the next generation of cyber security monitoring. It combines proven, leading-edge artificial intelligence and machine learning algorithms with high-volume, number-crunching ‘cloud’ processing power, available at low cost, to provide high-performance, real-time data security.
ACCS takes advantage of the exponential advances in both artificial intelligence and “deep” machine learning that have occurred in only the past two to five years.
Intruno’s Ambient Cognitive Cyber Surveillance™ platform is based on a patented, real-time user access monitoring machine learning engine which generates a unique, adaptive digital “fingerprint” for every login credential for every user in every application and database that is surveilled.
Digital Signature for Normal User Behavior
Digital Signature for Anomalous User Behavior
This unique (and continuously updated) digital “signature” is based on the normal, authorized user access patterns, habits and behavior that have automatically been processed based on historical and real-time streaming data.
Intruno can quickly compare the digital identity of the individual who is using the login credentials and determine whether the login credentials are being used ‘normally’. Aberrant, anomalous user behavior – indicating a compromised credential or its misuse – is detected in real-time – with far fewer false positives.
Simple, Rapid Deployment – At an Affordable Cost
Despite the advanced Machine Learning (ML) and Artificial Intelligence (AI) algorithms & technology that power Intruno, our deployment and implementation is simple, rapid, highly scalable, and non-disruptive to clinical or IT workflows.
Implementation also has very low resource requirements, which means Intruno provides enterprise-level security at a price performance that fits not only the demands of large, nationally distributed healthcare systems but also the budgets of small and medium-sized organizations.
Intruno’s Ambient Cognitive Cyber Surveillance™ system is the only solution available that offers high performance monitoring for sensitive, critical information systems using:
- Real-time user access behavior and pattern profiling that detects not only outside hackers but also “rogue insiders” for a formidable, ‘next-generation’ monitoring layer for added security.
- Self-learning, self-optimizing algorithms that continuously adapt and improve, providing an “all seeing intelligent eye” with 360° visibility for all of your systems and data 24/7 – across your organization’s information ecosystem.
- Highly scalable and rapid deployment on-premises or in a secure private or public cloud – operational within days.
Cogentyx supports and rapidly integrates with over 100 top healthcare applications and database systems, including Epic, GE, Cerner, Allscripts, Athenahealth, and eClinicalWorks – and is able to integrate with any new system without delay.
Additionally, Intruno saves time and improves efficiencies by offering customizable visual and print reporting that meets HIPAA and HITECH requirements, configurable compliance workflow tools, and chain of custody reporting, etc.
Cyber security is continuously changing and evolving. As soon as one vulnerability is fixed, hackers find another to exploit, and the cycle continues. This is why it’s so important to have a self-learning solution that never stops learning and evolving and that can instantly identify not only today’s attacks but also tomorrow’s.
Your healthcare organization has too much at risk to combat today’s cyber security threats, data breaches & privacy violations using yesterday’s technology.