Aug 04 2017

Endpoint Security Tools Help Healthcare Organizations Keep Cyberattacks in Check

Strategies and technologies evolve to respond to an ever-growing threat landscape.

Fisher-Titus Medical Center prides itself on staying ahead of the technology curve.

The Norwalk, Ohio-based provider organization — which includes a 99-bed acute-care hospital, a 69-bed skilled-nursing ­facility, a 48-unit assisted-living facility and outpatient services — incorporates IT into all aspects of care delivery, from deployment of an integrated electronic health record system to use of real-time location ­service tools and devices.

The organization prioritizes both information security and protecting those additional endpoints in an increasingly unstable cybersecurity landscape, says Peter Jacob, manager of IT operations and infrastructure for Fisher-Titus. He and his team sought a solution to identify hacking patterns and deliver analytics about such threats after realizing recently that traditional signature-based ­anti-virus software could no longer protect the hospital’s growing environment against new threats such as zero-day attacks.

Fisher-Titus turned to Palo Alto Networks’ Traps endpoint solution. The tool works seamlessly with Palo Alto Networks’ PA-series firewalls and its cloud-based WildFire threat analysis system. That integration appeals to Jacob, who says the deployment has made an immediate impact on the organization.

“We run Traps on all our Windows and Mac notebooks, desktops and ­servers for about 1,000 employees,” he says. “If anything gets through the firewall, Traps will catch it.”

Such endpoint security solutions help healthcare organizations of all sizes keep pace as their threat vectors rapidly multiply.

The Malware Threat Explodes in Healthcare

Traditional signature vendors previously focused on the file, says Peter Firstbrook, a Gartner research vice president who keeps track of endpoint security trends. To obtain memory access before running PowerShell and other utilities, hackers today turn to vulnerability exploits that help them to bypass inspection.

“Organizations need endpoint tools today that run behavioral analytics,” Firstbrook says. “Behavioral approaches don’t focus on the specifics of the file, but rather examine the actions of a PC. If that deviates from expected behavior, then it likely is infected.”

Symantec blocked roughly 229,000 unique web attacks on endpoint computers every day in 2016, according to the company’s April 2017 Internet Security Threat Report. While malware remains a persistent threat to healthcare organizations — with more than 357 million new variants observed in 2016 — the rate of malware seen on endpoints increased by only half a percent from 2015 to 2016, the report notes.

Still, many new variants of malware materialized in the second half of 2016 because of an increase in ransomware downloads propagated over email by the Necurs botnet. That activity spiked in October 2016, Symantec reports.

Traps takes immediate action to quarantine malicious executable files in the event malware launches on Mac or Windows, Jacob says. Traps then moves the malware from the local folder to a local quarantine folder.

Traps also notifies users of quarantined files as long as alerts are enabled. Administrators then have the ability to delete the quarantined files on a first-in, first-out basis.

Riverside Healthcare Looks to a Holistic Security Approach

Erik Devine, chief information security and technology officer at Riverside Healthcare, throws the kitchen sink at the bad guys.

The Kankakee, Ill.-based integrated health system segments network traffic using a combination of Fortinet firewalls, Cisco Meraki Wi-Fi and Cisco Systems and HP edge and core switches. Network engineers segregate traffic to protect critical applications and data from malware and other lingering security threats.

Riverside also fully encrypts all of its desktops and notebooks. Devine installed the Kaspersky Anti-Virus suite, which features modern behavioral analysis capabilities, on all of the health system’s client machines.

The system deploys AirWatch mobile device management software to protect tablets and smartphones, as well as some of the MDM features on the hospital’s Meraki wireless network. Devine considers each tool critical to protecting the organization’s endpoints.

We take a very aggressive approach to endpoint security, and we really need to be that way,” he says. “In a hospital situation, patients’ lives are on the line.”

Chris Langer

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT