2020 has been a banner year for ransomware in health care organizations. According to healthitsecurity.com, “Universal health Services, one of the largest US health systems, confirmed on October 3, 2020 that the ransomware attack reported earlier last week has affected all of its US care sites and hospitals, spurring clinicians into EHR downtime procedures.”
These attacks are devastating to any organization but can be the difference between life and death in healthcare. No organization should go through the nightmare of decommissioning systems manually to stop an attack. Intelligent tools to detect and mitigate propagation of ransomware are the needed in these types of health care organizations.
To see how we can achieve this, let’s take a step back and determine how we got here.
The Traditional Model
Historically, the Data Center was the center of universe for business applications. This DC was typically designed with castle and moat security and made the assumption that devices and users inside the network could be trusted. With digital transformation, the bulk of enterprise applications no longer reside in the DC – they are in the cloud or on a litany of medical devices equipment scattered throughout the health care organizations digital footprint.
Traditional security architectures make it difficult to secure a large perimeter. Once a perimeter is breached (as in the case referenced above), it is very difficult to stop or recover from these attacks. The staff in this organization had to manually disconnect devices and shut down the network. According to the Coveware’s quarterly ransomware incident report, the average payment of ransomware demand is $111k. That cost doesn’t include the 15 days of EHR downtime and the price to remediate.
What is SDP? How can SDP stop these attacks?
With threats increasingly originating from within an organization, companies are adopting a new security model: SDP. SDP is a security strategy for the digital enterprises/health care organizations that increasingly leverage cloud and mobility. SDP uses a least privileged access model and access is possible only based on an explicit policy. As a result, SDP makes application infrastructure invisible and evades network-based attacks such as DDoS, malware, ransomware, server scanning, lateral transfer etc. SDP can stop these attacks because:
- Identity and context-based access: SDP access is based on identity and context. Many security teams don’t know whether a user at the end of a remote connection an employee is, contractor, spy, fraudster, hacker or even a cat. SDP can change that. The ability to not only verify the human being on the other end of remote connection but also ensure that they are authorized for accessing a resource is critical to security. SDP can help you do all that.
- No lateral traversal: Unlike the traditional environments, users don’t have the ability to run network scans or move from one device to another. With SDP, users are only authorized to specific applications and not the underlying network. By granularly controlling the access, the network and application infrastructure are kept invisible to unauthorized connections and therefore impossible to attack.
- No unauthorized outbound connections: An infected device typically reaches out to command and control servers to receive data and instructions. In an SDP environment, there are no unauthorized outbound connections, every connection must be explicitly authorized, and all connection permits/denies are explicitly monitored and logged.
- Trust is never implicit: Trust is never taken for granted and the behavior is continuously monitored. Trust must be earned consistently.
- Device posture and risk-based access control: In addition to 1-4, with Elisity’s SDP (Elisity Cognitive Trust) implementation, devices are continuously monitored for device posture and risk. When a device process is compromised and a device taken over, Elisity’s solution tries to isolate the infected device and dynamically restrict other access in the event of a ransomware outbreak.
In Part 2 of this blog, we’ll discuss the practical tools, fundamental principles, and strategies that organizations need to embrace to put SDP into practice.