by John Southrey, CIC, CRM
Director, Product Development and Consulting Services
For physicians or groups who want a higher level of cyber security monitoring, TMLT is now partnering with eSentire to offer 24-hour live monitoring of your computer network.
eSentire offers Managed Detection and Response (MDR) to shield your confidential information against cyber attacks. With MDR, security analysts monitor your network for suspicious behavior, allowing for rapid intrusion detection and response. Having this level of threat detection and incident response allows for immediate intervention before the attacker has accessed or copied exploitable data. Essentially, MDR acts as an intelligent circuit breaker in real time.
Health care organizations are increasingly the target of cyber attacks, and cyber criminals use a spectrum of attack vectors —ransomware, socially-engineered phishing attacks, and malware invasions — to access networks.
Other sophisticated attacks look for security holes in software that are unknown to the software vendors. These “zero day attacks” can go undetected by traditional data security tools and are carried out before the vendor becomes aware of them. Timely detection and response to these attacks is critical.
Microsoft’s Windows operating system was recently subjected to a “zero day” attack. On November 2, Microsoft announced it was releasing a software patch to address vulnerabilities found in Windows. These vulnerabilities were exploited by a hacking group reportedly linked to the Russian government who used socially-engineered emails to gain access to the computer networks of U.S. government agencies and military organizations. (1)
Because many health care organizations may take a “wait and see” approach to data security, they may not recognize when they have been breached. Often, it can take up to several weeks to detect and respond to incidents. (2)
Services such as MDR can mitigate the effects of “zero day” and other cyber breaches, thereby narrowing the window of opportunity for an attacker and detecting data breaches before they spiral out of control.
Learn more about MDR.
Please contact the TMLT PDCS team to learn more about eSentire and their services for physicians.
- Molina B, Weise E. Microsoft to block Windows flaw used by Russian hackers. USA Today. November 2, 2016. Available at http://www.usatoday.com/story/tech/news/2016/11/02/microsoft-hackers-reportedly-linked-russia-find-windows-exploit/93157254/. Accessed December 5, 2016.
- In a survey of 223 US-based health care executives conducted by KPMG, only 13% reported tracking known cyber security attacks daily. Additionally, 25% stated they do not have or do not know their capabilities, in real-time, if their organization’s systems are being compromised. KPMG. Health Care and Cyber Security — Increasing Threats Require Increased Capabilities. 2015. Available at http://www.kpmg-institutes.com/institutes/healthcare-life-sciences-institute/articles/2015/08/health-care-and-cyber-security.html. Accessed December 8, 2016.
- AV Test. Malware. Available at https://www.av-test.org/en/statistics/malware/. Accessed December 8, 2016.
- HealthIT.gov. Security risk assessment. Available at https://www.healthit.gov/providers-professionals/security-risk-assessment. Accessed December 8, 2016.
- Armor. A Guide to HIPAA compliance & risk management: A Proactive Approach To Data Security. Available at https://www.armor.com/. Accessed December 8, 2016.