By Benjamin Harris, Healthcare IT News | May 17, 2019

Healthcare systems need to collaborate on defense and rely on AI and machine learning to respond to new threats, study finds.

In a world of sophisticated attacks, complex networks, high financial stakes and layers of regulation, healthcare systems can no longer afford to go it alone when it comes to cybersecurity.

“We can’t operate as individuals,” said Greg Conti, senior security strategist at network security vendor IronNet, about the healthcare industry.

Because on the other side of the table, he said, hackers are collaborating on new offenses, sometimes even with the covert support or direction of foreign governments.

“We have to have collective defense in face of collective offense,” said Conti.

Coordination is the best defense

A new study from IronNet finds that many healthcare systems are lagging in real-time monitoring and information sharing. More robust threat sharing and coordination against attacks across disparate healthcare providers is, to Conti, the only way forward for the healthcare industry to keep up an effective defense.

The concept is not a new one. Other industries ranging from energy to the financial sector already coordinate defense information and work together to stave off threats, said Oliver Wai, VP of product marketing.

“Over time we’re going to be sharing best practices and connecting the dots,” said Conti.

Healthcare cyber command

“We need to defend as a sector,” he explained. “Over time we’re going to be sharing best practices and connecting the dots.”

Conti envisions regional or state level threat clearinghouses that lean on automation to speed up the sharing of threat information and coordination against attacks. AI is critical to keeping pace with the changing security landscape, as the “sheer volume of things to be watched for far outpaces things people can do” he said.

Over time, AI and machine learning will be able to automatically share updated responses to threats or cordon off compromised parts of networks to prevent the spread of malicious actors. A faster and more automated system of information sharing and defense coordination enables a more robust national-level defense too, said Conti.

The state of the industry

Security threats aren’t going away. In fact, they are reaching greater levels of sophistication every day and the healthcare industry is performing well below where it should be in terms of defense.

Part of this is because when one organization discovers a problem, their findings (and any eventual solution) tend to stay in-house, instead of sharing it with the community as a whole.

There’s no shortage of soft spots in healthcare IT systems, and it can be like playing Whac-a-Mole trying to cover every hole each time one is discovered.

Leveraging advances in detection and threat response along with a greater reliance on automation could help the industry communicate together and coordinate against threats on a regional, state, and national level.