This is the view of a white paper produced by the Institute for Critical Infrastructure Technology (ICIT) in the US, which asserts that the ransomware epidemic will only become more severe and costly as the volume of ransomware and other cyber attacks increases in 2017.
The document is stark in its assessment of the situation facing the healthcare sector, which it says is “pummelled by ransomware attacks, insider threats, APT campaigns, and other cyber-attacks designed to distract, consume resources, profit by compromising the confidentiality, availability, or integrity of critical health systems, or to outright exfiltrate sensitive EHR, PII, IP, and other data.”
According to the paper’s authors, the healthcare industry is the primary perpetual target of cyber attackers due to the massive amounts of disparate data collected, stored, and inadequately protected.
In early 2015, an LA hospital’s entire internal computer system went down for more than a week after becoming infected with ransomware, which encrypted patient records and demanded 9,000 bitcoins (almost $3.7m) to unlock them.
Unable to access patient’s records the hospital had to revert to using paper and pen and had to send A&E patients to different hospitals.
According to Mike Ahmadi, global director of critical systems security for the Synopsys Software Integrity Group, interviewed in the same article on www.ifsecglobal.com, “The software industry are really pushing back on any attempts to regulate them against cyber security issues. If governments don’t start mandating some sort of real responsibility for software companies, where many of the serious issues actually lie, I believe we may be facing a black-swan event.”
Black swan events are defined as such because they are low probability, high impact and extremely difficult to predict.
According to ICIT’s white paper the potential solution lies in the power of machine-based artificial intelligence as a cybersecurity defence layer to defend against hyper-evolving APTs and malware.
The paper includes screenshots of next-generation ransomware available on deep web forums, discusses how easy it is for adversaries with minimal technological capability to customize ransomware and analyses how machine based artificial intelligence can predict threats.
Exabeam’s Rick Caccia, an ICIT Fellow, says: “Artificial Intelligence and Machine Learning bring the same value to healthcare security that they bring to other industries: using big data analytics to detect threats and assist in response. Machine Learning [ML] can be applied to two useful areas in healthcare cybersecurity.”
The first is using ML to link seemingly unrelated activities together. So for instance, a hacker might use multiple accounts to access different types of sensitive information. Each account might have valid access rights to some of the data, so rules-based security solutions will not detect a problem.
But ML can track IP address and other identifying information to link the parts into a single unified session that can be attributed to an individual. The second area is to then assess the behaviours of those suspicious identities to determine if risky behaviour is underway.
The healthcare sector is already using cognitive and AI solutions for big data analytics and for clinical applications. “Now, the industry needs to responsibly protect its patients and their data by adopting algorithmic defense solutions,” asserts ICIT’s white paper.
