
Three Use Cases For Proactive Threat Hunting and Detection Within Healthcare Organizations

This post was last updated on August 23rd, 2021 at 05:34 pm

Malware Hunting is a Necessity in Today’s Enterprise IT Environments

Cyber attacks are evolving so rapidly that security teams are struggling to integrate and operationalize security tools that apply to only one area of the protection model.

Malware Hunting (threat hunting) for example is becoming a necessity in today’s enterprise IT environments — especially for organizations charged with protecting our personally identifiable information (PII) and health data.

AT&T is working with Infocyte to leverage different use cases (Network Hygiene, SIEM Alert Validation, and Cybersecurity Compromise Assessments) to quickly and conclusively identify malware/APTs across local, cloud-based, and hybrid networks. This cloud-deployable SaaS solution can be used either as a standalone tool for independently validating your hospital’s network or as part of an integrated solution to assist in ongoing threat hunting and incident response operations across a network of hospitals.

Network Hygiene

Network hygiene is becoming one of the most critical aspects of maintaining a secure network. Gone are the days when you could simply block unknown traffic and rely on passive/reactive monitoring tools to ensure your network was not compromised. As threats have evolved, and security teams struggle to stay ahead, we’ve entered an era of zero trust gateways, artificial intelligence/machine learning SIEMs, trust-and-verify applications, and malware hunting.

AT&T urges its healthcare customers to consider a proactive malware scanning solution, such as Infocyte HUNT, to continually verify the compromise state of their endpoints (hospital systems, medical devices, and computers), confirming whether or not they are free of malware and breaches. It is vitally important to run these scans before backing up data/systems, to avoid backing up and storing hidden malware within the archives.

No downtime is acceptable in a healthcare environment, and very few events create more havoc than backing up malware and later relying on those backups as a restore point in the event of a ransomware attack. A network hygiene solution designed to verify that servers/endpoints/devices are clear of malware and breaches is something you can do today. Further, with Infocyte HUNT, you can verify the compromise state of every host at your hospital (or across a distributed network of hospitals) at a fraction of the cost of most enterprise endpoint security solutions. As a result, you get a verifiable way to improve your healthcare org’s security posture.

SIEM Alert Validation

Despite the rich data and analytical power provided by security information and event management (SIEM) installations, security analysts still find themselves drowning in thousands of SIEM alerts — including many false positives and unknown/uncaught false negatives — making it difficult to identify the truly actionable events and important alerts.

Security teams need a process that allows their analysts to quickly verify events (SIEM alerts) and determine which are actually actionable and which can be ignored/filtered out. AT&T’s Malware Hunting Solution (Infocyte HUNT) adds to the bottom-line ROI when utilized as a highly accurate SIEM alert validation (event validation) solution. Infocyte HUNT can be integrated with your hospital’s SIEM to eliminate the hours security analysts burn investigating false positive alarms. By immediately investigating an alert and conclusively determining whether or not an endpoint is compromised, Infocyte HUNT eliminates the guesswork.
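The validation process described above, as an added illustration that is not Infocyte's or AT&T's code: constructed SIEM alerts are matched against constructed per-host compromise verdicts (standing in for a hunt platform's scan output), and each alert is classed as actionable, filtered, or unverified. A "clean" verdict only clears an alert when the scan ran after the alert fired and is recent enough to still be trusted; the host names, rule names, and timestamps are all made up.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample SIEM alerts (hypothetical hosts and rules).
ALERTS = [
    {"id": "A-1", "host": "ward3-ws01", "rule": "Suspicious PowerShell", "ts": "2021-08-23T10:00:00Z"},
    {"id": "A-2", "host": "ward3-ws01", "rule": "Outbound to rare domain", "ts": "2021-08-23T10:02:00Z"},
    {"id": "A-3", "host": "pacs-srv02", "rule": "New service installed", "ts": "2021-08-23T10:05:00Z"},
    {"id": "A-4", "host": "mri-ctrl01", "rule": "Failed logon burst", "ts": "2021-08-23T10:07:00Z"},
]

# Constructed endpoint verdicts, standing in for a hunt platform's scan results.
SCANS = {
    "ward3-ws01": {"verdict": "compromised", "findings": ["injected thread in lsass.exe"],
                   "scanned_at": "2021-08-23T10:10:00Z"},
    "pacs-srv02": {"verdict": "clean", "findings": [], "scanned_at": "2021-08-23T10:06:00Z"},
    # Scanned the day before the alert: a clean verdict from then proves nothing about now.
    "mri-ctrl01": {"verdict": "clean", "findings": [], "scanned_at": "2021-08-22T09:00:00Z"},
}

MAX_SCAN_AGE = timedelta(hours=12)  # assumed freshness window for a clean verdict


def parse_ts(ts):
    """Parse the ISO-8601 UTC timestamps used in the constructed data."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_alerts(alerts, scans, now, max_age=MAX_SCAN_AGE):
    """Return alert ids grouped as actionable, filtered (safe to close), or unverified."""
    out = {"actionable": [], "filtered": [], "unverified": []}
    for alert in alerts:
        scan = scans.get(alert["host"])
        if scan is None:
            # No endpoint evidence at all: the alert must not be silently dropped.
            out["unverified"].append(alert["id"])
            continue
        if scan["verdict"] in ("compromised", "suspicious"):
            out["actionable"].append(alert["id"])
            continue
        scanned = parse_ts(scan["scanned_at"])
        fresh = scanned >= parse_ts(alert["ts"]) and now - scanned <= max_age
        if scan["verdict"] == "clean" and fresh:
            out["filtered"].append(alert["id"])
        else:
            out["unverified"].append(alert["id"])
    return out


if __name__ == "__main__":
    print(validate_alerts(ALERTS, SCANS, parse_ts("2021-08-23T12:00:00Z")))
```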

Cybersecurity Compromise Assessments

Malware infections and uncaught breaches pose the greatest risk to healthcare organizations, because of the amount and type of data they manage. Insurance details, personal data, and health information are all stored within a hospital’s system. The impact of uncaught malware, leading to a data breach, ranges from lost consumer/customer trust to large lawsuits with significant impacts on your organization’s legal, civil, and financial health.

As a result, your hospital’s cybersecurity strategy needs to start with knowing the current security posture or compromise state of your network. Attackers — even the not-so-sophisticated ones — are often resident inside a network for months, even years, before being detected. As evidenced by the growing number of preventable data breaches in the news, existing defensive technologies are not enough to stop/prevent 100% of cyber threats from penetrating your perimeter. You need an offensive, or proactive, cybersecurity solution to smoke out hidden cyber threats.

While vulnerability assessments and penetration tests look for security gaps and vulnerabilities, they’re not designed to detect existing malware, breaches, and advanced attacks.

A Compromise Assessment, however, does verify the presence of current, past, and scheduled attacks by inspecting each host — physical and virtual — across your network, including within live volatile memory (to hunt for file-less attacks). Ongoing compromise assessments provide peace of mind, and with Infocyte HUNT they can be automated without impacting hospital operations or network productivity.

Contact us to request a Compromise Assessment, or reach out to your AT&T Business representative to learn more about their Threat Hunting and Incident Response services.

Test out Infocyte's endpoint + Microsoft 365 detection and response platform for free. Sign up for our community edition and get started in minutes.