Thursday, March 12, 2015

Protecting Healthcare Records from Cyber Attacks Is a Game of Cat and Mouse


By Mike Potts, CEO, Lancope

The never-ending battle between healthcare organizations and cyber attackers has always been like a game of cat and mouse. The hacker plays the role of the mouse, constantly trying to sneak past the company’s cat that is guarding information. For years, the cat not only consistently beat the mouse, he would help his fellow cats identify new mice and keep them out of their cupboards too. But as the successful data breaches over the past year demonstrate, including one earlier this year that made headlines after millions of health insurance records were compromised, the mice are now kicking the cats in their tails.

As the healthcare sector continues its collective effort to move to a 100-percent electronic records system, these recent attacks should serve to do two things. First, they should shine a light on why your existing cybersecurity system is likely inadequate – even if it complies with HIPAA’s Security Rule. Second, they should prompt you to immediately call your CSO, CIO and IT administrators into your office to overhaul your security posture and establish new employee education and incident response training programs.

While you may not have thought of this industry as a primary target for attackers, I hope you understand that cyber criminals consider healthcare information just as valuable as credit card numbers and other financial records, if not more so, given the longer shelf life of Social Security numbers and other personal information. Furthermore, traditional security solutions alone are incapable of keeping thieves out of your network. Healthcare security needs a more holistic approach that keeps watch both outside and inside your network and can help your security personnel more quickly identify and remediate threats. Here is why:

A Game of Cat and Mouse

Your first question might be, “what happened to the cat that I thought was such an effective guard?” Actually, the question you should be asking first is “what’s happened to the mouse to make him so much better at sneaking past the cat-guarded gate?”

The mouse has become faster, smarter and more agile. His motivations have evolved too, from hacking into systems to gain public notoriety and praise from his fellow mice, to silently and anonymously stealing information for financial gain.

In fact, the cat often does not even realize the mouse has snuck in and has been sitting for weeks, possibly months, stealing whatever it finds valuable.

The solution is not to add more cats that keep their ever-watchful eyes trained outside your network to spot outside attackers trying to get in. That’s still important; the cat hasn’t become obsolete. But building a better mousetrap now requires a more holistic approach that guards both from the outside-in and from the inside-out.

This requires monitoring activity across your entire network in real time, including who is accessing and moving data stored in third-party cloud-based services like Dropbox or Salesforce.com. Simply put, security cannot be a one-time “set it and forget it” process.

In addition to implementing technology tools that let you see who is in your network and what, exactly, they are doing, you need to educate and train all of your employees, not just those in the IT department. Practice makes perfect. Just as you run regular fire drills, run security drills to ensure your teams know what to do when a security threat is identified outside or inside your network. You want to put out a fire in a trash can long before it becomes a blaze that engulfs the whole building and causes irreparable damage.

A Holistic Approach

There’s no sugar-coating this fact: it’s likely only a matter of time before a breach occurs. You still want to lock your front doors (a.k.a. your perimeter), but don’t put all your eggs in that one basket. You have to balance your cybersecurity technology budget and include tools that provide your security team with the intelligence, visibility and forensic IR capabilities they need to identify when someone picks the lock and shut them down before any significant damage is done.

Also, for more information about just how serious the insider threat has become to healthcare organizations, please review the infographic “The Reality of Insider Threats” at http://www.lancope.com/resources/infographics/reality-insider-threats

Wednesday, March 11, 2015

Why You May NOT Want to Freeze Your Credit


This just in: Reasons to Rethink Freezing Your Credit During ID Fraud Scare

Here are some reasons you may want to consider for any stories you might be planning around tax season:

• If you do put a freeze on your credit report it can take up to a month for the credit bureaus to do the unfreeze
• During a freeze, all credit cards are frozen
• Your debit card may also be impacted
• Consumers may need to go to a cash lifestyle even to pay bills
• All of your automated bill payments are then frozen and that can negatively impact your credit even further if or when you miss payments
• The Federal Trade Commission warns that tax ID theft, the most common form of identity theft, is a bigger problem than any one company.
• The Internal Revenue Service said Tuesday that tax-related identity theft is on the rise. In 2014, the IRS conducted over 1,000 identity theft-related investigations. There were also 748 sentencings connected to identity theft crimes, representing an increase of 75 percent over 2013.

"Once you freeze your credit report, it takes a long time to unfreeze it and you may have to live off liquid assets in the meantime," said Brian Richards, ID Theft Expert at Protect Your Bubble. "Only wait until there has been an activity reported against you specifically before you actually put a freeze on your credit report. It's difficult to dictate the timing of the freeze or unfreeze and that places added stress on consumers to maintain bill payment or have access to credit."

Monday, March 9, 2015

Smart Cities Need Smart Vaccine against Cyber Attacks

A Smart Vaccine approach is needed to protect the Middle East's smart cities, says security expert Dr. Rocky Termanini. It applies, of course, to other regions, too.

Dr. Termanini is the author of The Cognitive Early Warning Predictive System Using the Smart Vaccine, to be published by CRC Press in November 2015.

Tuesday, February 10, 2015

Call for Book Chapters: Protecting Mobile Networks and Devices

This book welcomes chapters on a wide range of issues related to mobile networks and devices, including all aspects of attacks and solutions. Indicative topics include, but are not limited to, the following:

- Intrusion detection and prevention schemes for mobile networks
- Tracing back mobile attackers
- Secure routing and access control
- Mobile authentication mechanisms
- Security testing of new or existing usability features
- Agent based intrusion surveillance
- Wireless Access Technologies
- Multimedia security issues for tackling intruders

We welcome both surveys and technical chapters presenting novel analytical research, simulations, practical results and case studies.

http://www.wikicfp.com/cfp/servlet/event.showcfp?eventid=43962&copyownerid=74982

New Ransomware Strain Encrypts Files from Memory

Tampa Bay, FL (February 10, 2015) -- KnowBe4 CEO Stu Sjouwerman issued an alert to security professionals today about a newly discovered piece of ransomware dubbed "Fessleak" by security firm Invincea. The ransomware is Russian and delivers its malicious code straight into system memory and does not drop any files on a disk. That means almost all antivirus software is unable to catch this. The infection vector is malicious ads on popular websites that the cybercriminals are able to display by bidding on the ad space through legit ad networks.

"This particular strain is new and quite harmful as it takes advantage of file-less infections that can communicate through the TOR network," said Sjouwerman. "We are going to continue to see more and more ransomware this year and this is just the latest innovation."

This strain can check to ensure the host is not running on a virtual machine to frustrate security researchers and analysts. End users might visit a major site on their lunch break, like HuffingtonPost, Photobucket, CBSsports, or Match.com, and check out headlines such as "Granny opening a new iPhone video" or "These are the Charlie Hebdo cartoons that terrorists thought were worth killing over". Clicking that one link is enough to be confronted with a full screen announcing that all personal or business files, photos and videos have been one-way encrypted and that getting them back requires paying a ransom in Bitcoin.

The cybercriminals first set up a short-lived burner domain directing to a landing page where the exploit kit is hosted. Then they start real-time bidding for ads pointing to the burner domain. Once their bad ad is displayed on a popular website and users click on it, they are redirected to the malicious domain, which in turn infects their workstation.

The same gang is also using 0-day exploits for Flash Player, and is apparently able to change their malware on the fly to exploit the most recent vulnerabilities. Fessleak drops a temp file via Flash and makes calls to icacls.exe, the file that sets permissions on folders and files. At this time, there is no detection for the malicious binary, which likely rotates its hash value to avoid Antivirus detection.
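The one concrete host behaviour named above is a temp file dropped via Flash that calls icacls.exe. As an added example (not from Invincea, KnowBe4 or the original post), the following hunt flags that pattern in process-creation events; the event field names, the sample records and the lists of parent processes are constructed assumptions modelled on Sysmon-style telemetry.

```python
import ntpath

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-014",
     "image": r"C:\Windows\System32\icacls.exe",
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\tmp3F2A.tmp"},
    {"host": "ws-014",  # administrator running icacls from a shell: expected
     "image": r"C:\Windows\System32\icacls.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-022",
     "image": r"C:\Windows\SysWOW64\icacls.exe",
     "parent_image": r"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe"},
    {"host": "ws-031",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

# Assumed indicators: directories and parents that should not spawn icacls.exe.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
BROWSER_PARENTS = {"iexplore.exe", "chrome.exe", "firefox.exe", "plugin-container.exe"}
FLASH_PREFIX = "flashplayerplugin_"


def classify(event):
    """Return a reason string if an icacls.exe launch looks suspicious, else None."""
    if ntpath.basename(event["image"]).lower() != "icacls.exe":
        return None
    parent = event["parent_image"].lower()
    parent_name = ntpath.basename(parent)
    if any(marker in parent for marker in TEMP_MARKERS):
        return "icacls.exe launched by a file in a temp directory"
    if parent_name in BROWSER_PARENTS or parent_name.startswith(FLASH_PREFIX):
        return "icacls.exe launched by a browser or Flash plugin process"
    return None


def detect(events):
    """Return (host, reason) for every suspicious event, in input order."""
    findings = []
    for event in events:
        reason = classify(event)
        if reason is not None:
            findings.append((event["host"], reason))
    return findings


if __name__ == "__main__":
    for host, reason in detect(SAMPLE_EVENTS):
        print(f"{host}: {reason}")
```

Because the rule keys on the parent/child process relationship rather than a file hash, it does not depend on the binary keeping a stable hash.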

Sjouwerman makes a few recommendations to mitigate this type of attack:

1) Backup, backup, backup and take a weekly copy of your backup off-site.

2) Keep your attack surface as small as possible and religiously patch the OS and third-party apps as soon as possible. Visit the http://www.Secunia.com site for some additional help.

3) Run a UTM or a good Proxy, block centrally rather than machine by machine. If that's not possible, install AdBlocker plugins for each browser.

4) It is increasingly clear that effective security awareness training is a must these days. Once-a-year training for compliance does not cut it anymore. End users need to be on their toes with security top of mind.

 

Friday, February 6, 2015

CISSP Credential Enhancements and New Edition of Official (ISC)2 Guide to the CISSP CBK



As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

Effective April 15, 2015, the CISSP domain names have been updated as follows:

1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
2. Asset Security (Protecting Security of Assets)
3. Security Engineering (Engineering and Management of Security)
4. Communications and Network Security (Designing and Protecting Network Security)
5. Identity and Access Management (Controlling Access and Managing Identity)
6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

Official (ISC)2 Guide to the CISSP CBK, Fourth Edition will be the first book to address the new eight-domain CBK framework.