Analyzing user behavior and content across channels can help protect data

By 2024, healthcare organizations experienced the most expensive cyber attacks, costing nearly $10 million.¹ And with the proliferation of ransomware and piracy tools, healthcare will continue to be targeted by such attacks.

“[Threat actors] they try to extort payments from organizations. That’s a trend we’re seeing,” said Ryan Witt, Proofpoint’s vice president of industry solutions and chairman of the company’s healthcare consumer advisory board.

Chief information security officials are also concerned about data loss caused by insiders, compromised accounts and careless users with unsecured email. , remote work applications, cloud computing and productivity platforms.²

Advanced security measures are needed to protect patient information from AI-enhanced ransomware, phishing and insider threats and to ensure the integrity of healthcare systems. Understanding the current health threat landscape is the first step to adopting a human-centered, data security approach.

Protecting data starts with people

Today, attackers attack people, not technology. That’s where cybersecurity leaders should focus their attention and resources.

“The economy of cybercrime is based on how victims interact,” said Brian Reed, senior director of cybersecurity strategy at Proofpoint. “It’s a lot less hassle to go in and socially engineer a victim or design a hacking trap than it is to spend time and energy building, testing and releasing holiday spoilers.”

Reed estimates that in healthcare, like many other industries, about 80% of attacks focus on human factors rather than technical weaknesses. “Most of those data loss cases are good people making bad decisions,” he said. According to Reed, the most common such threats are:

• Ransomware attacks, which often include prompting to install a browser extension, click a link or download an application;
• Compromising commercial email, including covert attempts to get users to take action outside of their normal course of action; and
• Loss of data due to malicious, compromised or negligent individuals.

To prevent accidental and inadvertent data loss

Typically, cyber security refers to the ability to catch vulnerabilities, stop phishing attempts and identify social engineering attempts before they reach end users. However, the significant increase in endpoints and the proliferation of cloud computing across the healthcare environment and an ever-changing workforce that may include part-time workers and mobile nurses have increased the need for cloud solutions. data loss protection (DLP).

Evidence of 2024 Data Loss Zone the report said that 70% of respondents say that careless users are the main cause of data loss and breach of control.³ Image of Verizon 2024 Data Breach Investigation Report found that 68% of crimes involve “a harmless human element, such as someone falling for a social engineering attack or making a mistake.”⁴ To illustrate this point, a 2023 report from Tessian (now a Proofpoint company) found that about a third of employees send about two emails to the wrong recipient a year and a year.⁵

DLP solutions recognize that preventing data loss from the inside is just as important as stopping external access. Many methods use an advanced matching method to try to identify important data that may be accidentally or intentionally generated before it leaves the network. Advanced DLP goes a long way; large language models can look through billions of records and sort out important information by understanding the context and relationships between files and directories.

Joshua Linkenhoker, a Proofpoint business security consultant, said these models can scan e-mails or files being transmitted to identify links that may contain sensitive information. Even more powerfully, AI can be trained on human behavior to stop hard to catch mistakes like accepting the wrong email submission for an email recipient. Linkenhoker calls it “behavior-driven action.”

Get data output from email, cloud and endpoints

Real-time AI applications add a powerful role to automation. Every time an employee is guided to make the right choice about handling sensitive data, a potential breach of law is avoided.

Behavioral AI can also train users to think twice before transferring data to an unsecured cloud storage folder or sharing a sensitive file via OneDrive or SharePoint. Witt believes that cloud-based productivity systems designed specifically to share information have become a major threat to healthcare.

Reed acknowledged that it’s one thing to anticipate targeted cybercriminal movements, but it’s much harder to anticipate the performance, if not security, of overburdened healthcare workers.

Of course, he added, AI behavior can also stop strange behavior with bad intentions. When an unsuspecting user starts renaming important financial files “family pictures.zip,” moving them to a USB drive and deleting them from a local drive, it’s clear that this type of overreach is not guilty. And without the ability to use scalable AI to detect suspicious behavior, it’s difficult to identify inside actors.

With the increasing number of endpoints and monitoring stations, specialized information security solutions have increased. While a “security in depth” approach is important, the volume of data sources can make it more difficult for healthcare security analysts to analyze events in real time and understand actions. of people according to the context.

Evidence-based research has shown that nearly 70% of IT professionals surveyed rank visibility into sensitive data, user behavior, and external threats as the most important capabilities of malware prevention programs. data loss.⁶ It’s a complex problem because information security analysts need to see both depth and breadth at the same time, also known as visibility at scale.

When information flows from different sources are combined, health care organizations can go from protecting against known, commercial attacks to preventing the most advanced, designed and unanticipated operations. That provides the opportunity to use AI across information silos to achieve a real-time, 360-degree view of the threat environment.

“Now you have to go find the needle in the haystack,” Witt said. “You need that level of full visibility, that level of analytics, that level of AI that sees a small number of interactions…. You’re capturing a very small fraction of the total traffic, but it’s so small. it’s really important.”

Download the Proofpoint-HIMSS white paper on adopting a human-centered approach to healthcare data security Here.

References

1. IBM and Ponemon Institute. 2024. Cost of Information Crisis Report 2024. https://www.ibm.com/reports/data-breach.

2. Proofpoint and CyberEdge. 2024. 2024 site of data loss. https://www.proofpoint.com/us/resources/threat-reports/data-loss-landscape.

3. Ibid.

4. Verizon. 2024. Verizon Data Breach Investigation Report 2024. https://www.verizon.com/business/resources/reports/dbir/.

5. Evidence. 2024. To change DLP [eBook]. https://www.proofpoint.com/sites/default/files/e-books/pfpt-us-eb-rethinking-dlp.pdf.

6. Proofpoint and CyberEdge, 2024 site of data loss.