Three Use Cases For Proactive Threat Hunting and Detection Within Healthcare Organizations


Malware Hunting is a Necessity in Today’s Enterprise IT Environments

Cyber attacks are evolving so rapidly that security teams are struggling to integrate and operationalize security tools that apply to only one area of the protection model.

Malware Hunting (threat hunting) for example is becoming a necessity in today’s enterprise IT environments — especially for organizations charged with protecting our personally identifiable information (PII) and health data.

AT&T is working with Infocyte to leverage different use cases (Network Hygiene, SIEM Alert Validation, and Cybersecurity Compromise Assessments) to quickly and conclusively identify malware/APTs across local, cloud-based, and hybrid networks. This cloud-deployable SaaS solution can be used either as a standalone tool for independently validating your hospital’s network or as part of an integrated solution to assist in ongoing threat hunting and incident response operations across a network of hospitals.

Network Hygiene

Network hygiene is becoming one of the most critical aspects of maintaining a secure network. Gone are the days when you could simply block unknown traffic and rely on passive/reactive monitoring tools to ensure your network was not compromised. As threats have evolved, and security teams struggle to stay ahead, we’ve entered an era of zero trust gateways, artificial intelligence/machine learning SIEMs, trust-and-verify applications, and malware hunting.

AT&T urges its healthcare customers to consider a proactive malware scanning solution, such as Infocyte HUNT, to continually verify the compromise state of their endpoints (hospital systems, medical devices, and computers), confirming whether or not they are free of malware and breaches. It is vitally important to run these scans before backing up data/systems, to avoid backing up and storing hidden malware within the archives.

No downtime is acceptable in a healthcare environment and very few events create more havoc than backing up malware to later rely on those backups as a restore point in the event of a ransomware attack. A network hygiene solution designed to verify servers/endpoints/devices are clear of malware and breaches is something you can do today. Further, with Infocyte HUNT, you can verify the compromise state of every host at your hospital (or across a distributed network of hospitals) at a fraction of the cost of most enterprise endpoint security solutions. As a result, you get a verifiable way to improve your healthcare org’s security posture.

SIEM Alert Validation

Despite the rich data and analytical power provided by security information and event management (SIEM) installations, security analysts still find themselves drowning in thousands of SIEM alerts — including many false positives and unknown/uncaught false negatives — making it difficult to identify the truly actionable events and important alerts.

Security teams need a process that allows their analysts to quickly verify events (SIEM alerts) and determine which are actually actionable and which can be ignored/filtered out. AT&T’s Malware Hunting Solution (Infocyte HUNT) adds to the bottom-line ROI when utilized as a highly accurate SIEM alert validation (event validation) solution. Infocyte HUNT can be integrated with your hospital’s SIEM to eliminate the hours security analysts burn investigating false positive alarms. By immediately investigating an alert and conclusively determining whether or not an endpoint is compromised, Infocyte HUNT eliminates the guesswork.

Cybersecurity Compromise Assessments

Malware infections and uncaught breaches pose the greatest risk to healthcare organizations, because of the amount and type of data they manage. Insurance details, personal data, and health information are all stored within a hospital’s system. The impact of uncaught malware, leading to a data breach, ranges from lost consumer/customer trust to large lawsuits with significant impacts on your organization’s legal, civil, and financial health.

As a result, your hospital’s cybersecurity strategy needs to start with knowing the current security posture or compromise state of your network. Attackers — even the not-so-sophisticated ones — are often resident inside a network for months, even years, before being detected. As evidenced by the growing number of preventable data breaches in the news, existing defensive technologies are not enough to stop/prevent 100% of cyber threats from penetrating your perimeter. You need an offensive, or proactive, cybersecurity solution to smoke out hidden cyber threats.

While vulnerability assessments and penetration tests look for security gaps and vulnerabilities, they’re not designed to detect existing malware, breaches, and advanced attacks.

A Compromise Assessment, however, does verify the presence of current, past, and scheduled attacks by inspecting each host — physical and virtual — across your network, including within live volatile memory (to hunt for file-less attacks). Ongoing compromise assessments provide peace of mind, and with Infocyte HUNT they can be automated without impacting hospital operations or network productivity.

Contact us to request a free Compromise Assessment, or reach out to your AT&T Business representative to learn more about their Threat Hunting and Incident Response services.
