Reviewing user conduct and material across all platforms could assist in safeguarding data
During the year 2024, healthcare institutions faced numerous costly cyber incursions, resulting in an average loss of nearly $10 million [1]. The surge in ransomware and extortion schemes suggests that healthcare remains a prime target for such assaults.
“Threat actors aim to coerce organizations into making payments. This is a prevalent trend,” remarked Ryan Witt, who serves as the Vice President of Industry Solutions at Proofpoint and chairs the company’s healthcare customer advisory board.
Chief information security officers in the healthcare sector are also apprehensive about potential data breaches caused by malicious insiders, compromised accounts, and the inadvertent actions of users on unsecured email, remote working applications, cloud services, and productivity platforms [2].
Advanced security controls are imperative to shield patient data from AI-augmented ransomware, phishing, and insider threats, and to ensure the operational continuity of healthcare services. Understanding the current threat landscape in healthcare is the first step towards a proactive and people-centric approach to data security.
Empowering data protection commences with individuals
Presently, perpetrators target individuals rather than technology. This underscores the significance of cybersecurity leaders directing their attention and resources towards people.
“The cybercrime realm principally thrives on the exploitation of human interactions in the digital sphere,” highlighted Brian Reed, the Senior Director of Cybersecurity Strategy at Proofpoint. “It involves far less effort to manipulate a victim or fabricate a phishing lure than investing time and resources into developing, testing, and launching zero-day exploits.”
Reed estimates that approximately 80% of attacks in the healthcare sector, similar to most other industries, focus on the human factor rather than technical vulnerabilities. He notes, “The majority of incidents involving data loss transpire due to well-intentioned individuals making regrettable choices.” According to Reed, the primary threats encompass:
- Instances of ransomware attacks that typically trick users into installing a browser extension, clicking a link, or downloading an application;
- Business email compromise scenarios where deceptive attempts persuade users to deviate from their usual operational procedures; and
- Data breaches resulting from malicious, compromised, or negligent insiders.
Mitigating unintentional and intentional data breaches
Traditionally, cybersecurity defenses primarily revolved around patching vulnerabilities, thwarting incoming phishing attacks, and identifying social engineering attempts before they impact end users. However, the proliferation of endpoints, widespread adoption of cloud technologies across the healthcare ecosystem, and a fluctuating workforce that includes temporary staff and traveling clinicians have heightened the need for data loss prevention (DLP) solutions.
As indicated in Proofpoint’s 2024 Data Loss Landscape report, 70% of respondents attributed data losses and regulatory violations to negligent users [3]. Verizon’s 2024 Data Breach Investigations Report revealed that 68% of breaches involved a “non-malicious human element, such as falling prey to a social engineering ploy or making an error.” [4] Illustrating this point, a study by Tessian (now under Proofpoint) in 2023 found that around one-third of employees sent approximately two emails to incorrect recipients annually [5].
DLP solutions recognize that averting internal data leaks is as important as thwarting external threats. Most rely on pattern recognition to identify sensitive data that might be unintentionally or deliberately exfiltrated before it leaves the network. Advanced DLP approaches go a step further, using large language models to scrutinize billions of records and classify sensitive information by discerning context and the relationships among files and directories.
Joshua Linkenhoker, an Enterprise Security Advisor at Proofpoint, mentioned that these models can scrutinize outbound emails or file transfers to detect attachments possibly containing sensitive data. Moreover, AI can be trained using human behavior patterns to prevent challenging errors such as selecting an erroneous autofill suggestion for an email recipient. Linkenhoker refers to it as “behavior-driven functionality.”
Spotting data exfiltration from emails, cloud platforms, and endpoints
Real-time AI interventions add a valuable dimension to automated regulatory compliance. Each time an employee is steered towards handling sensitive data correctly, it mitigates the risk of regulatory infractions.
Behavioral AI can also counsel users against transferring data to insecure cloud storage locations or sharing sensitive documents via OneDrive or SharePoint. Witt believes that cloud-based productivity tools, designed with default sharing features, have emerged as a notable vulnerability in healthcare.
Reed acknowledged the challenge of predicting the agenda of a determined cybercriminal versus anticipating the innovative yet insecure practices of an overwhelmed healthcare workforce.
He emphasized that behavioral AI is equally adept at thwarting anomalies with malicious intent. For instance, when an employee who has submitted their resignation begins renaming sensitive financial files as “family pictures.zip,” moving them to a USB drive, and deleting them from a local drive, it becomes evident that the data exfiltration is not innocent. Without the ability to utilize scalable AI to discern suspicious activities, recognizing internal bad actors becomes notably arduous.
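The sequence Reed describes (a sensitive file renamed, copied to removable media, then deleted locally) can be expressed as a simple event correlation; this is an added example, not Proofpoint's detection logic or code from the article. The event field names, the path-based sensitivity rule, the departing-user set, and the 30-minute window are all assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample endpoint telemetry (not real logs); field names are assumed.
EVENTS = [
    {"ts": "2024-05-02T09:01:00", "user": "jdoe", "action": "rename",
     "src": "C:\\Finance\\q1_ledger.xlsx", "dst": "C:\\Finance\\family pictures.zip"},
    {"ts": "2024-05-02T09:03:10", "user": "jdoe", "action": "copy",
     "src": "C:\\Finance\\family pictures.zip", "dst": "E:\\family pictures.zip",
     "dst_removable": True},
    {"ts": "2024-05-02T09:04:30", "user": "jdoe", "action": "delete",
     "src": "C:\\Finance\\family pictures.zip"},
    # Benign: an ordinary file copied to USB with no rename or delete.
    {"ts": "2024-05-02T10:00:00", "user": "asmith", "action": "copy",
     "src": "C:\\Users\\asmith\\slides.pptx", "dst": "E:\\slides.pptx",
     "dst_removable": True},
]
SENSITIVE_PREFIXES = ("c:\\finance\\",)  # hypothetical path-based classification
DEPARTING_USERS = {"jdoe"}               # hypothetical HR feed of resignations
WINDOW = timedelta(minutes=30)           # assumed correlation window


def find_exfil_chains(events, window=WINDOW):
    """Alert on sensitive file -> rename -> copy to removable media -> local delete."""
    tracked, alerts = {}, []  # tracked: (user, current path) -> chain state
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["src"].lower())
        if ev["action"] == "rename":
            prior = tracked.pop(key, None)  # keep following an already-renamed file
            if prior or ev["src"].lower().startswith(SENSITIVE_PREFIXES):
                state = prior or {"original": ev["src"], "start": ts, "copied": False}
                tracked[(ev["user"], ev["dst"].lower())] = state
        elif key in tracked and ts - tracked[key]["start"] <= window:
            state = tracked[key]
            if ev["action"] == "copy" and ev.get("dst_removable"):
                state["copied"] = True
            elif ev["action"] == "delete" and state["copied"]:
                alerts.append({
                    "user": ev["user"],
                    "original": state["original"],
                    "disguised_as": ev["src"],
                    "severity": "high" if ev["user"] in DEPARTING_USERS else "medium",
                })
                del tracked[key]
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_chains(EVENTS):
        print(alert)
```

Because the state follows the file across renames, the alert reports the original sensitive path rather than only the disguised name an analyst would see on the USB copy event.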
With a rising number of endpoints and channels requiring supervision, specialized information security solutions have become more prevalent. While a “defense in depth” strategy remains valuable, a multitude of data inputs can make it harder for healthcare security analysts to analyze incidents in real time and to understand human actions in context.
Research by Proofpoint indicated that nearly 70% of surveyed IT experts consider visibility into sensitive data, user conduct, and external threats as the most critical attributes for effective data loss prevention initiatives [6]. This presents a complex challenge, since information security analysts must see both deeper and more broadly at the same time, which is termed scalable visibility.
When data from diverse origins is integrated, healthcare institutions can transition from fending off conventional, standardized attacks to preventing sophisticated, tailored, and unanticipated breaches. This provides an avenue to deploy AI across data silos to achieve a comprehensive, context-aware perception of the threat landscape.
“The task now is identifying the proverbial needle in the haystack,” remarked Witt. “Complete visibility, robust analytics, and AI detection of a minimal fraction of interactions are critical. It’s about capturing that vital fragment amidst the overwhelming traffic.”
Access the full Proofpoint-HIMSS white paper on embracing a people-centric approach to healthcare data security here.
References
1. IBM and Ponemon Institute. 2024. Cost of a Data Breach Report 2024. https://www.ibm.com/reports/data-breach.
2. Proofpoint and CyberEdge. 2024. The 2024 Data Loss Landscape. https://www.proofpoint.com/us/resources/threat-reports/data-loss-landscape.
3. Ibid.
4. Verizon. 2024. Verizon 2024 Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/dbir/.
5. Proofpoint. 2024. Transforming DLP [eBook]. https://www.proofpoint.com/sites/default/files/e-books/pfpt-us-eb-rethinking-dlp.pdf.
6. Proofpoint and CyberEdge, The 2024 Data Loss Landscape.
