Fighting healthcare cyber threats? Isolate them

Hospitals and clinics are more focused on hackers and blackmailers than ever before due to the threat of attacks such as credential theft through phishing, and ransomware. The targets are patient records, intellectual property or credit card information. A critical challenge for health providers is a lack of IT security experts and the expense of hiring them. Isolation technology is an appealing alternative for putting down the threat while avoiding more employee hours.

Ransomware and related malware exploits work by encrypting critical files, so that hospitals and clinics cannot operate if they have no other way to restore them. The attacks have become increasingly sophisticated and cost healthcare providers a lot of money and time.

Attacks find their way in when an employee visits the wrong web site or opens an infected attachment in their email. And yet they are dead simple to perpetrate for a growing number of cyber attackers with readily available exploit kits, whether internationally organized criminal syndicates or even the 18-year-old novice hacker who is motivated to make the "easy money" from these Bitcoin schemes.

Conventional threat prevention products like intrusion prevention systems (IPS), security web gateways, sandboxing, firewalls and others that attempt to distinguish between 'good' and 'bad' content do not work. This approach is not effective in eliminating malware because attackers continuously innovate, with new malware worms that avoid detection.

The traditional perimeter-based security architecture died more than five years ago. With the continued move to the cloud, users, applications and data are not safely confined to a physical location such as a campus. Applications are executed and data is constantly on the move, and people often use unsecured devices (such as Android v4.x) over Wi-Fi networks that have little or no protection.

A dearth of security experts

Medical staff do not have the necessary sensitivity regarding IT security issues. The problem becomes more complicated because of high employee turnover and work overloads, which make it impossible to carefully deal with the topic or observe the basic behavior rules.

The result is that far too many hospitals fail to conduct regular security audits required to keep them safe from attacks. Even if these experts were readily available, tight budgets make it difficult for hospitals to afford individuals with strong security backgrounds. As a result, they are in perpetual catch-up mode against cyber criminals. Hospitals also pose a relatively easy target because of the high number of points of ingress and egress. Everything in the hospital is connected, as are the patients and staff, all of which serve as potential attack targets.

Most individuals are aware that threats exist, but wrongly assume they are protected by their traditional endpoint and infrastructure security systems. Security typically becomes a priority after it's too late, and the IT department is faced with a $35,000 ransom to have their files unlocked (which is not even guaranteed). There is no other way than to raise the priority of IT security in terms of budgets and resources beforehand.

Raise priorities

The first step is to conduct a risk assessment to understand the value of the networked assets vs. the security measures in place to protect them. Then the security infrastructure has to be updated in order of priority, with higher-value assets and the most vulnerable elements being addressed first. For a hospital, these are generally patient records and user devices, such as workstations, laptops, tablets, and smartphones.

Most high-impact breaches share one common denominator: malware. Malware, an executable drop of dangerous code inserted into a downloaded file at the browser, gets the cyber criminal's foot in the door. Next they probe, manipulate, or encrypt sensitive data. A new approach to preventing malware uses isolation technology, which inserts a secure, trusted execution environment (within a virtual container) between the user and the risky content.

Nothing gets through.

By executing sessions away from the endpoint and delivering only safe rendered information, namely the web page, map, image, file or video they expect to see, users are entirely protected from malware and malicious activity. Isolation is relatively young in a security market struggling for better answers, but these solutions have attracted a lot of attention because of their conceptual advantages. In general, the architecture is based on three elements: the isolation platform, virtual containers and rendering.

The isolation platform is implemented between the Internet and the user's devices. It isolates all of the user's Internet sessions, like web access or e-mail, in dedicated virtual containers. Each time a user opens a new tab in the browser, a new container is established. The platform manages a pool of containers, so that there is no latency. All activities are processed in the container. The rendering technology subsequently generates displayable information that is forwarded to the browser. With this technology, the user receives only a rendering of the results. The user's device does not have to execute any malicious code.

Appealing advantages

The advantages of isolation are impactful. The user receives only safe content and never has to worry about a dangerous web page or file downloaded by her Web browser.

Best of all, there is no special equipment necessary. Advanced isolation platforms work in conjunction with all common native browsers like Internet Explorer, Chrome, Safari or Firefox. Native browser functions like copy and paste, print, etc. are still available. There is also no need to install any software on the client device. This makes things so simple for IT that it is transparent to users and very low impact to manage and update.


For healthcare settings, isolation can be used in conjunction with existing security infrastructure, including endpoint detection systems, next-gen firewalls and antivirus, acting as they traditionally have. These systems become even more effective when integrated with threat isolation. Cybercriminals will always target those organizations with the weakest defenses and the most valuable data. Hospitals will always possess valuable data, but by bolstering their security posture with new technology such as isolation, they can make themselves a much less appealing target.

Author Greg Maudsley is a cyber security expert with Menlo Security (Silicon Valley)

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2019.