Penn Medicine security exec: Advanced threat protection vendors and hospitals must join forces to fight cybercriminals

To fend off increasingly sophisticated cyberattacks, professionals can tap into ATD tools to more effectively share threat information, says John Donohue, associate CIO of technology and infrastructure at Penn Medicine.
By John Donohue, Penn Medicine
02:30 PM
Share
advanced threat protection

In the “old days” of healthcare information security (only about three years ago) you could slap a firewall on your network to manage external connections and sleep well at night. But those days are long gone as the “Blackhats” have become more sophisticated, more motivated and more resourceful. 

The Department of Homeland Security, in fact, recently indicated that “the healthcare and public health sector will continue to be one of the primary targets for malicious cyber actors.”

As long as the value of patient information and proprietary data remains high on the black market, healthcare organizations will be forced to invest information security technologies in an attempt to keep pace with hackers.

One such investment that must be considered is Advanced Threat Protection (ATP) technologies.

Here’s why: The more advanced ATP companies (and there are several) leverage their global telemetry capabilities to more rapidly recognize threats from all over the globe — and the more that hospitals deploy these tools — the better able healthcare as an industry will be to combine intelligence and help put a finer point on clear and present risks.

The Holy Grail in information security is to shift to a proactive model that uses predictive tools to identify threats early and before they can impact an organization’s systems. Because this approach is incredibly resource intensive and expensive, most organizations have not been able to completely shift to this model. Just short of that is the ability to dramatically reduce the time to identify, prioritize or eliminate threats. This can be achieved with the capabilities of an Advanced Threat Protection tool.

When I think of Advanced Threat Protection, I immediately think about threat landscapes that include endpoint devices.

Before ATP was available, organizations needed different tools running on different platforms from different vendors. Correlating threat information across these disparate systems took time and numerous resources. With a centralized APT capability, however, an organization can manage these threats on a single pane of glass across the enterprise environment. This technology enables information security professionals to focus on prevention and remediation work rather than lengthy identification investigations. And that frees information security professionals to focus on the threats themselves.

These advanced tools can help organizations be prepared prior to a potential attack or can help them to see if they are experiencing an attack that might otherwise go undiscovered – all based on the intelligence from the ATP capabilities.

On any given day in a healthcare IT shop, the information security professionals are getting deluged with attack information. 

This attack information can be coming from the firewall, the antivirus software, web filters and other sources. The ability to identify which attacks are the most dangerous and require the most immediate and acute attention is key to avoiding a costly breach or incident. 

The top ATP products have intelligent engines that can digest these information sources and quickly provide guidance on the most dangerous events.  This information is incredibly useful for a healthcare organization that has finite internal information security resources.

If and when an advanced security attack is discovered, organizations can use ATP to quickly identify where and when the threat has occurred within their enterprise. Furthermore, organizations can use this capability to quarantine or isolate devices, email or network components to contain the spread of the attack. 

Lastly, the tools can be used to remotely remediate the results of the attack, blacklist the threat from occurring again and also restore endpoints that were previously quarantined. Without an ATP capability, this is incredibly time-consuming and invasive.

Yes, deploying ATP tools will help protect your organization —and as providers and security vendors band together and share threat information the technologies can also be used for the greater good.

John Donohue is associate CIO of technology and infrastructure at Penn Medicine.


Like Healthcare IT News on Facebook and LinkedIn