Tackle insider threats with industry intelligence



Leading a team of cyber problem solvers, Suneel Sundar, senior manager of new cyber experts at MITRE, studies the tactics, techniques, and procedures used by known insiders in IT environments.

Sundar will present “We See You When You’re Sneaking: Insider Trends and Techniques on IT Systems,” an educational discussion at the HIMSS Healthcare Cybersecurity Forum, which will take place on December 5 and 6 in Boston.

His session will tackle insider threats and share some of their techniques, tested through objective, evidence-based analysis using the Insider Threat TTP (tactics, techniques, and procedures) Knowledge Base. The knowledge base, created by researchers at the nonprofit MITRE's Center for Threat-Informed Defense, or CTID, launched in February with more than 50 examples of insider threat TTPs.

Inspired by MITRE ATT&CK and tools like the Ransomware Help Center for Hospitals and Health Systems, Sundar and his colleagues launched the new community-based insider threat knowledge base to guide insider threat reduction programs toward viable detection and response measures. The submission platform authenticates the user and anonymizes the submissions.

“It summarizes the relevant data so that a donor organization doesn’t air its dirty clothes; they are sharing the bare minimum to allow us to do analysis, and nothing more that may cause embarrassment or may compromise their own legal fairness,” Sundar told Healthcare IT News. “We’re not looking for dirty clothes, we’re looking for new fabrics.”

According to Sundar, improving cyber defenders’ collective understanding of insider threats requires hospitals, healthcare systems and providers of all sizes, at every stage and in every technology segment, to participate in this cross-industry collaboration.

An organization with less sophisticated IT, he explains, can identify some insider techniques that no one else has ever seen.

“Once that technique is identified once and it enters the knowledge base, people in the healthcare industry and the security community at large can build detection and defense measures for that.”

A pathway to understanding health care’s insider threat schemes

According to a Ponemon Institute report released in January, insider incidents increased by 44 percent.

Sundar says the Health Information Sharing and Analysis Center and other healthcare organizations use the knowledge base and share use cases, as that helps to create a wider data set for authentication.

“For organizations that do not have their own insider threat program or are looking to maintain their own insider threat program, this will provide them with a breakout list,” he said.

For those working with security partners, the data provides an objective way to measure whether the security function is identifying the insider events most harmful to the organization.

“Based on authenticated users and anonymized data from the organization, we will be able to analyze what is more prominent as an insider threat to the healthcare industry.”

In the future, users can sort insider threat data by domain.

Sundar explains: “Contributing to and building a knowledge base with insider case submissions is essential for continued research to understand healthcare insider threats that are different from threats in other areas.”

The most common insider threat

Sundar said the most common insider threat is data theft, which includes obtaining a patient’s personal and health information, and the data is often exfiltrated through external means and email.

He added: “We are also seeing an increase in cloud storage capacity.”

Defenders often monitor the common theft channels or add rules about how and when users may use those channels.

However, these channels are also important data-sharing methods that support interoperability in the healthcare sector, and organizations must weigh the business benefits of enabling a technology against the security risks of using that technology.

“We acknowledge that there are legitimate uses for email and legitimate uses for USB as well as legitimate uses for cloud storage, which is what makes catching insiders red-handed using those tools in a way that harms the organization very difficult,” said Sundar.

However, there are clear patterns in insider data breaches. Users will download data packages over days or hours, he said.

“There’s a trend that we’ve seen from the data, which is insiders – they have some intentions. Insiders will sort out the data they’re trying to steal before it gets leaked. So that means a model where we can see that a security operations center can see as users download, download, download, download.”

It’s not as simple as saving internally to their local drive.

“We’ve found that insiders plan what they can take, pack it into a package and then send it in a lump,” says Sundar.
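The staging pattern described above (repeated downloads over hours or days, then one bulk send) can be written as a simple correlation rule. This is an added example, not code from MITRE, CTID or the article; the log format, field names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, action, channel, bytes.
SAMPLE_EVENTS = """\
2022-11-01T09:02:00 alice download ehr 4000000
2022-11-01T09:40:00 bob download ehr 2000000
2022-11-01T11:15:00 alice download ehr 6000000
2022-11-02T10:05:00 alice download ehr 5000000
2022-11-02T16:30:00 alice download ehr 5000000
2022-11-02T17:10:00 bob send email 150000
2022-11-03T08:55:00 alice archive local 19000000
2022-11-03T09:05:00 alice send cloud 19000000
"""

def parse(text):
    """Yield (time, user, action, channel, bytes) from the assumed log format."""
    for line in text.splitlines():
        ts, user, action, channel, size = line.split()
        yield datetime.fromisoformat(ts), user, action, channel, int(size)

def find_staged_exfil(text, window=timedelta(days=3), min_downloads=4, ratio=0.8):
    """Flag a 'send' whose size is at least `ratio` of what the same user pulled
    in >= min_downloads separate downloads during the preceding window."""
    history = defaultdict(list)   # user -> [(time, bytes)] of downloads
    archived = defaultdict(list)  # user -> times a local archive was created
    alerts = []
    for ts, user, action, channel, size in sorted(parse(text)):
        if action == "download":
            history[user].append((ts, size))
        elif action == "archive":
            archived[user].append(ts)
        elif action == "send":
            recent = [b for t, b in history[user] if ts - window <= t <= ts]
            # One small email after one download is normal work; skip it.
            if len(recent) < min_downloads or size < ratio * sum(recent):
                continue
            alerts.append({
                "user": user, "channel": channel, "sent_bytes": size,
                "downloads": len(recent), "downloaded_bytes": sum(recent),
                "archive_seen": any(ts - window <= t <= ts for t in archived[user]),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_staged_exfil(SAMPLE_EVENTS):
        print(alert)
```

The rule keys on the relationship between accumulated downloads and a single outbound transfer rather than on the channel itself, which is why legitimate email, USB or cloud use by the second user does not alert.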

The HIMSS 2022 Healthcare Cybersecurity Forum takes place on December 5 and 6 at the Renaissance Boston Waterfront Hotel.

Andrea Fox is the senior editor of Healthcare IT News.
Healthcare IT News is a publication of HIMSS.