Protecting Hospitals from Cyber Attacks
Hospitals and healthcare facilities are at risk from both untargeted and targeted cyber attacks. They process sensitive personal patient data that attackers can use for blackmail and that is highly valued on the black market. In addition, hospitals rely on critical information infrastructure whose disruption can put lives at risk. Protecting these systems is not only necessary as a matter of principle; in some cases it is also mandated by law.
GREYCORTEX Mendel provides effective protection against cyber attacks by monitoring network infrastructure, controlling configurations and access, and detecting unusual network behavior. This contributes to the smooth running of hospitals.
“We particularly appreciate the independence of the product from the existing infrastructure and the high reliability of the hardware, as well as virtual deployment. In our day-to-day work, we value the email alert settings, their subsequent checking in Mendel and the detailed search options.”
Cybersecurity Officer, Bulovka Hospital, the biggest hospital in the Czech Republic
Hospitals as Lucrative Targets for Cybercrime
With the increasing number of cyber attacks on healthcare facilities, it is essential for hospitals to protect their systems, which, among other things, fall under the European NIS and NIS2 directives. This means there is a need to detect cyber threats on internal networks and to retain network data long term.
The ideal solution for providing convenient and fast visibility into the network is a tool that does the work of a large team through machine learning. It detects weaknesses in the network and highlights them, and is therefore usable even where the department dedicated to hospital cybersecurity is understaffed.
The network infrastructure of hospitals consists of devices of different ages. Whether it’s medical devices, computers and their operating systems, or even some security features, outdated equipment can be a gateway to the internal network. If information systems are compromised, the hospital may not be able to retrieve medical records or determine the availability of drugs and supplies. In a worst-case scenario, the attack also affects the operational infrastructure, taking parts of the hospital out of service and putting patients’ lives at risk. Legacy devices will not disappear from hospitals anytime soon, but monitoring their communications is often the only way to protect the infrastructure in the event that they are compromised.
To protect the hospital’s reputation, sensitive data needs to be protected. Whether it’s patient data, such as personal or health information, scientific research data, or even confidential CCTV footage, you need to know where and how data flows within the infrastructure and catch any unusual data transfers early.
Challenges in ensuring hospital cybersecurity:
- Provision of convenient and fast visibility into the network infrastructure.
- Monitoring of network traffic, including medical devices, technology equipment and vendor access.
- Detection of attempts to exploit vulnerabilities in all devices connected to the network.
- Prevention of leakage or loss of sensitive information that would damage the hospital’s reputation.
- Determining the causes of application and network underperformance issues.
- Enabling the hospital’s internal team to effectively ensure infrastructure security.
- Meeting legislative requirements for the storage of network communication history.
“In our hospital infrastructure, we use many different technologies, including special medical devices and technologies that are used temporarily for medical research and development. That is why we need to segment the whole infrastructure and monitor everything.”
Informatics Centre Officer, The University Hospital Brno (Czech Republic)
Solution: Network Analysis and Identification of Its Deficiencies
The first step in ensuring the cybersecurity of a hospital is to analyse the network infrastructure. To do this, we offer the deployment of our product in the form of a proof of concept (PoC), where the customer gets a basic overview of their network within the first few days. After this basic network analysis, Mendel discovers the first security risks, compromised devices, security policy violations, and misconfigurations. Many of these can often be fixed easily.
As a part of the full deployment of GREYCORTEX Mendel, the product is tailored to the customer’s specific infrastructure to meet their needs. Through machine learning and artificial intelligence, Mendel learns how the network operates in normal operation and alerts the user in the event of any anomaly.
Mendel can also monitor traffic in multi-site facilities. Some hospitals just need coverage within a single location where all data converges – this can be supplemented with NetFlow data sources to provide visibility where appropriate. Other facilities require a distributed deployment: a collector that stores and evaluates data, plus sensors deployed across multiple sites.
- Deployment of GREYCORTEX Mendel in the form of a proof of concept to determine the basic parameters of the network and verify its condition.
- Fast implementation: after only seven days, the customer receives the first automated analyses.
- A quick overview of the customer’s extensive infrastructure, regardless of the number of sites monitored.
- Identification of vulnerabilities and risk events, detection of cyber threats.
- A final report with recommendations for eliminating network deficiencies.
- The setup and customization of the product together with our partner.
“We were struggling with slower communication between machines and servers, and GREYCORTEX Mendel helped us find where the problem was through traffic analysis.”
Tomáš Kořínek, Network Administrator, University Hospital Ostrava (Czech Republic)
Results: Continuous Cybersecurity of the Hospital
GREYCORTEX Mendel provides complete visibility of network traffic down to the response level of individual application protocols. It continuously monitors the internal network and the medical devices in it, including any external access and service interventions by their suppliers. In addition, Mendel monitors the communication of all server segments – domain controllers, information systems and hospital information systems. The customer’s internal team can thus see who is accessing which device and from where, and has a comprehensive overview of all network activity. This visibility enables users to effectively manage access and to modify and control the necessary device and network settings, thereby incrementally improving the security of their network infrastructure.
In many healthcare facilities, the deployment of the Mendel system is complemented by the services of our partners, who provide managed security of the customer’s infrastructure. From monthly reporting to proactive security monitoring, the partner operates at the level the organization requires. Regular reports summarize what’s happening in the customer’s infrastructure and make recommendations, such as changing the configuration of infected devices, verifying network performance issues, tracking down error packets, or logging specific types of traffic.
The in-house team does not need experience with security monitoring, because the recommendations can be implemented by, for instance, the network administrator of the healthcare facility. At the same time, Mendel’s intuitive environment gives even less-trained staff a basic overview of what is happening on the network and the ability to quickly find the information they need.
- Perfect visibility into the network infrastructure.
- Network traffic monitoring with real-time data visualization.
- Prevention of operational problems, detection of the root cause of network performance issues.
- Detection of common attacks through an extensive database of known security threats.
- Detection of targeted and advanced cyber attacks through machine learning and artificial intelligence algorithms.
- Strengthening IT processes based on the results found in regular reports.
- Security incident response capabilities through integration with firewalls, network access control, and endpoint agents.
- Ability to leverage partner services to the extent chosen – regular reporting on infrastructure status, staff training, tactical meetings, and external monitoring.
- A secure IT infrastructure contributing to the proper functioning of medical devices and strengthening confidence in the security of patient data and the facility itself.
- An available history of network communication and detected security events over several months to meet the requirements of ZoKB (the Czech Cyber Security Act).