September 24, 2020 Events & WebinarsStories from the field
Adam Mathis Evin Hernandez

Securing Distributed Healthcare Organizations

Treating patients is not the only concern healthcare organizations are facing today.

Healthcare systems are learning to adjust the operational and cybersecurity requirements of a distributed workforce. And the stakes are high. Faced with the combined challenges of ransomware, data breaches, and other cyberattacks, the healthcare industry is considered a golden goose for cybercriminals.

Providers rely on technology and network connectivity to facilitate data integration, clinical support, and patient engagement. However, these technologies are often vulnerable to threats, where cybercriminals can extract patient data, or shut down an entire hospital with ransomware.

In this webinar, you will gain insights on:

  • The operational challenges of securing and administering distributed healthcare workforces
  • Shifts to the threat landscape as adversaries adapt to decentralized networks
  • Securing endpoints outside of the hospital or care facility to facilitate secure telehealth visits

00:41 Panelist Introduction

01:27 Webinar Agenda

02:00 Critical Business Data is at Risk

02:44 “Businesses are hit by ransomware every 40 seconds.” – Evin

03:06 Current Data Center Security Approaches Are Not Working

03:11 “The average cost of a data breach in 2018 was around $3.86 million.” – Evin

04:00 Attackers Seize the Moment

04:47  “While some of these techniques aren’t new, history has always proven that cybercrime often increases during times of heightened emotion, distraction, and stress from bad actors.” – Evin

05:31 The Threat Landscape

06:10 “It’s not surprising that malicious actors are taking advantage of this new reality. They’re targeting the way employees connect to their workplaces from their homes.” – Evin 

06:44 Why is Healthcare a Target?

08:56 “Healthcare has a history of getting less support for IT & Security from a leadership buy-in and resources perspective, but they’re trying to protect this incredibly valuable data.” – Adam

09:36 Intersection of Valuable Data and IT Challenges

09:45 Historic lack of resources

10:04 Resistance to change

10:28 Interconnected web of providers

11:17 Mounting tech debt

11:50 “When you take valuable data and IT challenges and put them together, it’s not a surprise that in 2019, breaches and ransomware in healthcare accounted for $4 billion dollars lost.” – Adam

13:30 Trends

14:49 Exploitation Vectors

15:30 “If you send people home quickly, and you don’t have a good remote infrastructure in place, a lot of corners get cut.” – Adam

16:09 Actors

17:12 “Because of the IT struggles [in healthcare], the barrier for entry isn’t super high—it’s not limited to the most sophisticated actors.” – Adam

17:47 Tactics & Techniques

17:48 “One of the most telling things about the state of security in healthcare is that the majority of these actors have not changed the way they do business in years.” – Adam

19:02 The Price of Ransomware: Two Takes

20:04 “We already live in a world where technology is so ingrained in healthcare that the loss of those services is going to impact people living or dying.” – Adam

21:26 Tales from the Trenches – Ransomware

25:50 “You have to have detection in place. But you want to prevent ransomware because you’re not going to be faster than the script actors put together.” – Adam

25:03 Tales from the Trenches – Blue Mockingbird

27:40 “If you don’t have something that can show you detailed command history, you’re going to have a really hard time finding all the things you need to do to fix a box.” – Adam

28:18 Tales from the Trenches – C2

29:06 “You don’t want Cobalt Strike anywhere in your environment, but you definitely don’t want it on a [records management and telehealth] system that has lots of sensitive data.” – Adam

30:50 Telehealth Challenges

34:45 “When providers and organizations have to make rapid changes, things get missed.” – Adam

35:17 How Do We Make It Better?

37:53 “Humans are always going to be your best detection controls because the human brain is amazing and can pick up on anomalies.” – Adam

38:58 “Even doctors have to become more security aware when they connect to a user on a device to ensure certain safety mechanisms.” – Evin

39:40 Remote Security Requirements

40:55 Misconfigured workloads and virtual desktops are the most frequent initial attack vector, appearing in nearly 20% of breaches.

41:48 Carbon Black vSphere Demo

47:56 “Live Response is a great way to have secure access to machines without leveraging other tools that could be vulnerable to certain attacks.” – Evin

48:13 Additional Resources

49:35 Q&A

 

 
Stopping a Rapidly Advancing Zero-Day Malware Attack
 
Operationalizing Carbon Black Response: 5 Success Stories
 
Five Security Teams, Five Unique Challenges, One Trusted Ally
 
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak
 
Adam Mathis
Information Security Director, Red Canary
 
Evin Hernandez
Senior Technical Marketing Manager, VMware Carbon Black