Tuesday, August 19, 2014

Community Health Systems Data Breach Drives Home the Point:
You WILL BE Infected

Posted by - Paula Wheeldon, Marketing Team

In what has become an all too familiar scenario, a large enterprise organization, in this case, Community Health Systems, announced a cyber-attack, in which close to 4.5 million patient records were stolen. This company, which operates 206 hospitals in 29 states, announced that the data breach may have happened in April and June. A security vendor brought in to investigate after the attack found “sophisticated malware” in the network, which was used to copy and transfer patient data to the hackers outside. The attack is thought to have originated in China and according to one report, such thefts have involved stealing intellectual property such as medical or equipment development information. In this case, non-medical patient names and addresses were stolen.

What is clear in this security breach is that more is unknown than is known. Because HIPAA requires it, we can assume Community Health Systems had security in place to detect inbound malware and that apparently, their solution missed something. The other obvious fact is that the security breach was discovered well after it occurred, as illustrated by the loss of millions of records and the fact that they report a three month span during which patient data may have been stolen.

This breach echoes several other recent high profile attacks involving the loss of millions of private records. We must consider that these breaches are happening even as we’ve become much better at detecting APTs and other threats before they reach the network. The addition of sandboxing technology has enhanced this capability so that often only a fraction of a percent of malware may have a chance to get anywhere near the network. However, a fraction of a fraction still isn’t 100%. As these high-profile breaches, and hundreds of smaller ones illustrate, one missed threat can lead to millions of lost records.

Organizations must be better prepared to protect their data by implementing detect and respond solutions such as baselining and continuous monitoring. Network baselining involves establishing a normal traffic pattern of data transfers leaving the network over time. Once the baseline is determined, continuous monitoring over all outbound data transfers can detect anomalies in traffic, stop the transfer and alert the administrator.

Today’s threats demand that organizations look beyond standard security measures and face the reality that despite their best efforts, their networks may be infected. While robust inbound defenses such as strong signature/heuristics AV and sandboxing remain essential, it is the ability to detect and respond quickly as an infection occurs that could spell the difference between disastrous data loss and more effective data security.

Learn More:
Network Baselining
Continuous Monitoring