• A Silver Bullet to Prevent Breaches

  • As we continue to read about the common occurrences of healthcare breaches, most recently August 3, 2016 announcement by Banner Health’s breach of 3.7 million records, I ask myself who, how or what can be done to prevent these breaches?

    Here are the perspectives from two industry experts discussing the same technique.  

    Jonathan Crowe a Senior Content Manager at Barkly, wrote about security solutions and the anatomy of a cyber-attack. He states “there are many, many different variants of malware, over 390,000 reported every day. Crowe goes on to state; the standard approach to dealing with them (malware attacks) has been to successfully identify each and every one and add them to a blacklist.” He suggests “a better approach is to realize the real distinguishing characteristic of malware isn't its signature, it's what it attempts to do.” Crowe’s theory is if you prevent a basic action the malware executes, you could render thousands of malware variants ineffective. He goes on to say organizations “need to be more disruptive, how? By shifting their focus from the signature-matching game to identifying and blocking the common behaviors all malware relies on to function.” 

    Nir Polak, CEO of data security vendor Exabeam published an article in the HealthIT News on August 3, 2016 regarding ransomware. Polak states that “recent strains understand how to move around a network, to encrypt not only files on employees’ end-points, but also on networked file shares. The impacts to healthcare organizations are therefore growing exponentially.” But this also means that encryption of larger data-sets will take more time, and therefore these firms have a window for detecting and stopping ransomware.”  

    “We found that ransomware can be reliably detected using behavioral modeling, Exabeam explained. “Based on the goal of reaching the payday or ransom stage of an infection, these programs logically must first distribute themselves, infect a system, stage their environment, scan for data to encrypt, encrypt it, and then finally inform the users what it has done.”

    That is where the behavioral modeling can work. But it requires training users to identify and avoid ransomware attacks in the first place. What’s more, the fact that ransomware has such a specific goal actually makes it easier to create a definable kill chain.

    The C-suite needs to understand that cost of not engaging and enhancing their IT infrastructure. Last estimate the cost of a breach is $2.2 Million dollars, which does not include the damage to the brand, fines or law suits.   

    Watch for the release date of JAL’s 2016 Edition of “Practical Guide to Understanding and Implementing HIPAA”

    Judith is an accredited Certified HIPAA Professional (CHP). As the owner of JAL, Judith is your subject matter expert providing guidance to organizations within HIPAA, GLBA, False Claim and other regulatory agencies. Judith provides reasonable and appropriate compliance policies, procedures within your Compliance Program. As a guru in compliance, Judith delivers compliance employee training programs, and participates in educational speaking engagements for the industries who handle Protected Health Information. To read more about the world of compliance subscribed to JAL’s insightful newsletter at www.jalconsultantsaz.com OR follow JAL on Twitter @ judithconsult

    “Copyright” © JAL Consulting 2016