Cyber Threats in Healthcare Bring Defenders Together

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked. John Chambers ‒ CEO of Cisco at the World Economic Forum.

Here’s a real-time view of a global sensor network that tracks cyber threats all around the world. During the course of an hour on a random Wednesday afternoon, over 4,000 global attacks originated from China alone. In the same hour, the US was the target of over 10,000 such attacks from all over the world.

These numbers show just how real, dogged and wide-reaching cyber threats have become. The attacks are automated and mechanized to the extent that defending against advanced persistent threats (APTs) has become increasingly difficult. APTs are a different breed compared to anonymous hacking because they are well-coordinated, motivated and well organized, not to mention well-funded.

With three large-scale data breaches in less than 9 months, healthcare is right in the middle of a global cyber war. The three breaches combined (CHS, Anthem and Premera) totaled nearly 95.5 million stolen records. That’s just about 30% of the entire U.S. population, in less than one year.

Chief Security Officers (CSOs) assert that the war against cybercriminals is never going to be about winning or losing. It is, they say, about maximizing defenses and minimizing losses. John Chambers notes that data breaches aren’t a matter of if, only how big and when.

The odds are stacked against the CSOs and defenders, because attackers only need to exploit a single vulnerability, once, as soon as they find it. Defenders, on the other hand, have to protect all attack surfaces, all the time.

“We see about a million hits a day from China alone, trying to break into our network.” Bert Reese ‒ SVP and Chief Information Officer, Sentara Healthcare.

The coming together of such defenders has formed the backbone of a national network of Information Sharing and Analysis Centers, or ISACs.

Impressively, there are 18 industry specific ISACs for increasing the defensive posture of all major and critical infrastructure industries. The one for healthcare is called the National Healthcare ISAC, or NH-ISAC.

Their goals in their own words are: “Services provided by ISACs include risk mitigation, incident response, alert and information sharing. The goal is to provide users with accurate, actionable, and relevant information. Member benefits vary across the ISACs and can include: access to a 24/7 security operations center, briefings, white papers, threat calls, webinars, and anonymous Critical Infrastructure Key Resource (CI/KR) reporting.”

While the full list of members in the ISAC is confidential, the Board of Directors includes key security executives from some of the biggest names in the healthcare industry, including insurance giant Aetna.

“Sharing cyber information in real-time is essential for any enterprise to determine targeted vs. opportunistic threats as well as early indicators of compromise. ISACs are unique in creating an opportunity to establish personal relationships facilitated by the many different methods of information sharing including the automation of a sophisticated threat-management platform which is then available to all members,” said Jim Routh – CISO, Aetna and Board Member of NH-ISAC.

Other industry giants represented on the Board include:

  • Amgen
  • Emory University
  • Johnson & Johnson
  • McKesson Corporation
  • Merck & Co.
  • Partners Healthcare
  • Pfizer
  • Stanford Health Care
  • SureScripts

ISACs aren’t going to claim victory in the cyber wars anytime soon, but they will help strengthen the defenses of those who participate in them, and the healthcare industry is in need of defenders more than most others.