• Active Directory Attacks
  • Jun 5, 2020
  • By Anna Rose Greenberg

New H-ISAC Framework tackles Authentication Risk in Healthcare


In a new framework, the Healthcare ISAC (H-ISAC) is advising healthcare organizations to up their game, including by applying better analytic tools to spot authentication-based attacks. H-ISAC and QOMPLX will delve deeper into how to detect and turn back sophisticated attacks in a July 1 webinar.


The COVID-19 pandemic hasn't just strained the operations of hospitals, clinics, and other healthcare organizations. It has also exposed healthcare-sector organizations to a wave of costly cyber attacks preying on the COVID crisis. Those attacks prompted the Red Cross to issue a call to government and business leaders to step up and work together to prevent such attacks, which are forbidden under international law.

But while the COVID epidemic will eventually pass, attacks on healthcare organizations show no signs of letting up. In response, the Health Information Sharing and Analysis Center (H-ISAC) has released a framework for CISOs in the healthcare field to shore up their cyber security by better managing user identity.

A Framework for Healthcare CISOs

The new framework focuses on healthcare CISOs and argues for an embrace of modern identity systems that emphasize strong authentication. “Overall, the guide is meant to demonstrate ways healthcare organizations can enable users to securely and easily access resources, along with ways for the enterprise to protect against cyberattacks,” writes Health IT Security.

“At its core, the Framework revolves around a simple concept: how to enable users – be they employees, third party partners, or patients – to access resources in a way that protects against attacks while also being easy to use and administer,” states the H-ISAC white paper.

Analytic Tools a Must

Part of that challenge is mastering the security analytics needed to spot suspicious or malicious patterns in authentication traffic. Recent attacks inside and outside the healthcare vertical have underscored how attackers are using compromised accounts and attacks on Active Directory and Kerberos to establish long-term residency in compromised networks and move about undetected.

"Effective analytics systems are able to determine if credentials are acting abnormally and can be automated to take various actions," the white paper reads. "Privileged accounts are of particular interest to perpetrators not only because of the resources they can access, but also because other IAM controls often cannot easily detect operations performed by these accounts. Not surprisingly, many of the worst breaches of the last decade targeted privileged accounts as part of a cyber kill chain."

If you want to learn more about how attacks on identity infrastructure play a role in attacks on healthcare organizations, QOMPLX is delving further into identity and authentication in healthcare with its webinar, ‘How Authentication Attacks Threaten your Healthcare Environment,’ on Wednesday, July 1, at 2 p.m. Eastern. The webinar will also address defending against cyber threat actors and defending critical healthcare assets.
