How Advanced IP Filtering Can Protect Healthcare Data

Written by: Francesco Trama | Published on: December 9th, 2015

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

Healthcare organizations, from hospitals to doctors’ offices to insurance offices and more, are prime targets for cyber attacks. If the motivation is to obtain and sell individual private data, healthcare systems provide a number of potential targets that are appealing to cyber attackers, including:

  • Private data
  • Medical devices (connected to the Internet of Things and rich in data)
  • Large and complex networks
  • Large mobile community
  • Online public access to information

In fact, many of these are factors in a number of different industries. But for the moment, let’s focus specifically on healthcare and private medical data. Today, more than ever, demand is being placed on instant access to information and collaboration between patient and doctor. Combine that with poorly equipped primary care offices, and attackers have the ideal climate to gain access to private data. In the words of Robert Gregg, “A financial identity can be worth $5 to $10 if you have all the info. A medical identity can be 5 to 10 times that amount just because how easy it is to monetize that information once the bad guys get it.”

The Importance of Healthcare Data Privacy

A few months ago I visited my primary healthcare provider. They’ve been around for years. They treated my parents, they’ve treated me since I was a child, and now they treat my children as well. The healthcare they provide has always been stellar. Unfortunately, on the technical side of things, they seem to be somewhat lacking.

I sat in the screening room, as the nurse practitioner came in. We chatted for a while about my recent medical issues, and she made notes on a laptop. When we finished the discussion, she walked out, leaving the laptop behind. Once she was gone, I turned to look at the laptop, only to find that she was still logged in. Not only was my medical information freely accessible to anyone who cared to look, but also that of any other patients she’d made notes about.

This sort of thing can extend to hospital rooms, emergency care areas, and more. In any healthcare facility, there’s an increasing number of devices being used, and unless they’re properly protected, they become a weakness and a potential entry point.

This is more than just careless behavior leaving information vulnerable. It violates the Health Insurance Portability and Accountability Act, which requires any facility where patient data is stored to take every possible precaution to protect patient privacy, from firewalls to soundproof walls. It’s not that healthcare professionals are blatantly irresponsible. Doctors and nurses have graver concerns to deal with. It’s much more important for them to focus on a person’s health than on remembering to log out of a system.

Healthcare Vulnerability to Cyber Attacks

Let’s look at the cyber world for a moment. An online attacker can take their time, plan their moves carefully, and reduce the chances of being seen. They don’t have to show their employee ID to a security guard or walk past cameras.

“True,” you say, “But they have to get past the network’s firewall. They may not need an ID, but the system is still password protected.”

However, in the real world, if someone tries to go where they’re not supposed to without ID, the guards will throw them out immediately. If they try to come back, the guards will recognize them and throw them out again. And if by some miracle an intruder DOES manage to get through, they’ll be seen by security cameras, and more guards will be sent after them.

In the cyber world, however, an attacker can take their time and try over and over again until they succeed in penetrating the system’s firewall. They can set 10,000 bots to work on trying every possible password, until one works. They work from non-extradition countries, probing for weak points not just in the hospital network, but in the home networks of patients, doctors, and network administrators, which can provide an in to the healthcare information they’re looking for. Those bots can work tirelessly, every second of the day, until they find a way past security—and they can do so without risk of detection.

Then, once the attacker gets in, they can send the data from the breached network to other people and other countries. And all of this can be done by just a single person with the right equipment. Imagine what thousands of cyber attackers, each with their own bots and their own unique techniques, could do if they tried. The scope is mind-blowing.

Protecting Against Cyber Attacks

So how do we keep our healthcare data safe? How do we stop attackers with the tools we currently have at our disposal? We can implement a more rigorous screening program for users trying to access the system, but if every request for access is manually evaluated, this will slow site traffic to a crawl, limit legitimate business operations, and overwork the cyber security team. We need a tool that can screen users automatically, without creating delays or overburdening the security team.

The thing to understand is that no single tool can do it all. Instead, you need a defense-in-depth approach, which employs multiple layers of network security. With defense in depth we can place layers from the end user to the perimeter. This is a good start, but there need to be enough layers between the Internet and the core, without adding latency.

Many organizations think that the firewall by itself, using multiple features, can provide adequate protection. However, all it really does is force security professionals to use inadequately equipped devices and curtail the flow of traffic into the environment. Firewalls are the “Jack of all trades, but the master of none.”

Take, for example, those 10,000 bots from earlier. Many security teams employ an online service that uses pre-built ACLs and RBLs to filter out requests by country using an Advanced IP filter. On the surface, this seems like an easy solution. Those 10,000 bots may have different IPs, but they all originate from the same country, so blocking it will keep them all out with a single stroke. However, in the global economy, there may be plenty of legitimate business originating from that country as well, and setting up an all-purpose block will keep that business out as well.

Our economy is spread across the entire planet. Therefore, you have to be able to take into consideration how the Internet communicates. There is no straightforward way to address this with today’s security devices, and solving the problem involves implementing a complex set of rules and policies into your firewall. Sorting through these rules and policies can leave your security team with a jumbled mess. Because of this, more and more users are moving away from Advanced IP filtering and back to manual threat detection and inspection, which leaves you with the problems of network bottlenecks and overworked security personnel that you started out with.
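The over-blocking trade-off described above, as an added example that is not from the original article or from any vendor's product: a blanket country block compared with the same block plus allow-list exceptions, run over constructed connection records. The country codes, the prefixes (RFC 5737 documentation ranges) and the partner network are all assumptions made for illustration.

```python
import ipaddress

# Constructed country-to-prefix table using RFC 5737 documentation ranges.
# A real deployment would load this from a maintained geolocation feed.
GEO_TABLE = {
    "AA": [ipaddress.ip_network("198.51.100.0/24")],
    "BB": [ipaddress.ip_network("203.0.113.0/24")],
}
BLOCKED_COUNTRIES = {"AA"}
# Hypothetical exception: a billing partner hosted inside the blocked country,
# allowed only to the patient-portal HTTPS port.
EXCEPTIONS = [(ipaddress.ip_network("198.51.100.64/28"), 443)]

# Constructed connection records: (source IP, destination port, ground truth).
CONNECTIONS = [
    ("198.51.100.7", 22, "bot"),
    ("198.51.100.9", 22, "bot"),
    ("198.51.100.200", 3389, "bot"),
    ("198.51.100.66", 443, "partner"),
    ("198.51.100.66", 22, "partner-misuse"),
    ("203.0.113.5", 443, "patient"),
]

def country_of(ip):
    """Map a source address to a country code, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for code, nets in GEO_TABLE.items():
        if any(addr in net for net in nets):
            return code
    return None

def blanket_block(ip, port):
    """Allow only traffic that does not originate from a blocked country."""
    return country_of(ip) not in BLOCKED_COUNTRIES

def block_with_exceptions(ip, port):
    """Same block, but honour (network, port) exceptions first."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net and port == p for net, p in EXCEPTIONS):
        return True
    return blanket_block(ip, port)

def evaluate(policy):
    """Return the ground-truth labels of the connections a policy allows."""
    return [label for ip, port, label in CONNECTIONS if policy(ip, port)]

if __name__ == "__main__":
    print("blanket:   ", evaluate(blanket_block))
    print("exceptions:", evaluate(block_with_exceptions))
```

Each exception restores one legitimate flow but is another rule to review and maintain, which is the rule sprawl the paragraph above describes.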

Going Beyond Advanced IP

So what can you do to protect your network from attackers? The solution is a product like PacketViper, which functions like an Advanced IP layer, only smarter and more discerning, to filter out bots and attackers while allowing legitimate requests through. “Designed to work as a completely separate layer, PacketViper’s Advanced IP filter not only addresses the layer with impunity, but provides you with controls to combat the confusion that Advanced IP generally causes.” A product such as this can reduce traffic volume by 40-50% without jeopardizing your production environment.

Let’s look again at those 10,000 bots trying to crack your network. If you run them through a PacketViper first, it greatly diminishes their numbers, limiting the attacker’s opportunities to find a way into the system. A product like PacketViper lessens the impact of attackers and lowers the number of alerts that security needs to deal with personally, relieving the burden on your team and allowing them more time to deal with each threat more thoroughly. The result is a safer, more reliable network that’s HIPAA compliant and easier to manage.

I’ll close with this quote from George Grachis: “The Internet was not designed to be secure, we moved everything we had to it and did not consider the risk.” Now that we have no choice but to consider any and all risks posed to healthcare entities, how do you plan to keep your environment safe?