The robot will see you now: AI in healthcare cybersecurity

The growing danger posed by cyber criminals to UK healthcare is nothing to be sneezed at. In recent years network security in hospitals and other medical facilities has taken a hit due to an industry-wide cyber skills shortage, a persistent reliance on vulnerable legacy systems, and the proliferation of poorly secured internet-connected devices. For opportunistic hackers, hungry for patient data and opportunities to hold crucial devices and services hostage with ransomware, healthcare offers a lucrative and all-too-often easy venture. 

The healthcare industry’s response has been lethargic to say the least. The latest Vectra Networks Post-Intrusion Report revealed a level of network openness that made healthcare uniquely vulnerable to exposure from attack. The highest volume of attacker behaviours was found in healthcare (164 detections per 1,000 hosts), which also jointly experienced the widest range of attacks. Command and control ransomware was three times more likely to surface in healthcare than other industries, while the regularity of botnet, reconnaissance, lateral movement, and data exfiltration detections were well above average.

With the UK government committed to a paperless NHS by 2020, including the digitisation of all patient data, these challenges will only worsen unless precautions are taken. Without robust security solutions in place, digitised patient records and services are a sick, sitting duck. To protect themselves from cybersecurity threats, providers must recognise that traditional perimeter defences are no longer enough.

Building a proactive defence is complex and tedious, especially threat hunting. Complexity requires highly skilled labour which can be expensive to find and retain. This is exacerbated by a chronic lack of talent to fill existing needs. These roles require exceptional knowledge of particular attackers, industry regulations and the local healthcare environment, all while monitoring the network 24/7. There simply is not enough to go around.

At the same time, the pervasiveness of internet of things (IoT) devices in the industry has added to existing workloads. Hundreds of suspect behaviours are now detected every hour and specialists are increasingly finding themselves stretched thin on the ground. In such a high-stress, time-poor environment it is inevitable that a lucky attacker will eventually dodge the net.

Fortunately, artificial intelligence (AI) and machine learning can help fill the cybersecurity skills gap, automating the detection of hidden threats fast and scaling up to meet demand. AI augments the work of existing cybersecurity teams through automating time-consuming threat hunting, with the latest iterations fully capable of taking over entry-level analyst work.robotdoctor

AI-enabled security platforms record, analyse and contextualise network traffic to accurately distinguish between normal, anomalous and truly malicious attacker behaviour. Platforms can then contextualise and prioritise events for resolution, helping human analysts focus on the highest priority threats. Many healthcare organisations have already leveraged AI to automate real-time threat hunting and reduce the time spent on threat investigations and remediation by 75-90% – without increasing headcount.

As persistent, internally driven network attacks have become the norm in healthcare, security teams, products and processes must adapt now to head off disaster. Organisations should start by automating the hunt for cyber attackers inside their networks. Only with real-time, detection capabilities can care providers achieve full visibility into attacker behaviours hidden in all network traffic. As recent flashpoints, including May’s WannaCry ransomware attack, have shown, security is not only a matter of reputation, it is one of patient safety.


By Chris Morales, head of security analytics, Vectra