Unique Perspectives on the Threat Landscape of Today’s Healthcare Networks

By Ryan Edwards | March 29, 2016

A recently released executive level report by Fortinet included a brief overview of key findings resulting from Fortinet’s Cyber Threat Assessment Program (CTAP) running across a multitude of organizations nationwide for a period of four months. 

The findings showed that the landscape of cyber threats was in constant motion and evolving quickly. The rapid development of new malware, the exposure of software flaws, the onslaught of organized cybercrime, and the rising value of data are all contributing factors to the challenges that IT leaders face daily in the battle to protect their corporate resources.

Healthcare organizations are in a unique position when it comes to cyber threat prevention. As in most organizations, customers come first, but it can’t be at the expense of security anymore.  Conversely, in healthcare, improving and delivering quality and timely patient care is the number one priority.  As a result, cyber security cannot become a limiting factor in the organization’s ability to deliver that goal. Due to these conflicting priorities, security implementations in healthcare have traditionally been limited to the perimeter, where they can secure the overall environment, but provide no internal security to protect the Data Center and the myriad of unique devices and terminals distributed throughout the infrastructure providing critical services to patients and clinicians.

With the relentless advance in sophistication and pervasiveness of cyber threats in today’s landscape, that perimeter defense is no longer sufficient. Defending the perimeter becomes a lost cause when every mobile device and USB port becomes a new perimeter. Security is truly borderless in the modern healthcare landscape, so security needs to follow. The Data Center and internal network must be protected, without compromising the quality of patient care and the clinician experience. 

The Data Perspective

This report is a summary of data gathered from hundreds of US companies that participated in Fortinet’s Cyber Threat Assessment Program (CTAP). This complimentary program was developed by Fortinet to help organizations gain deeper visibility into the traffic within the network infrastructure.

This program included the installation of a FortiGate security appliance positioned behind the existing security solution for a period of 3-7 days.  The data within this report reflects the culmination of intelligence collected over a 4-month period.

The Industry Perspective

While there are significant findings in the number of attempted attacks among the sample group via many different threat vectors, some of the significant findings involve specific areas of interest when it comes to healthcare. As the black market price tag of healthcare data rises, the organizations aimed at stealing information are finding that hospitals are softer targets because of the nature of the business itself. As a result, criminals are ramping up efforts to profit off of that realization.

Most organizations are still allowing access to social media sites such as Facebook which makes up roughly 25% of total network traffic within typical organizations. This traffic consists of streaming video and audio. Facebook alone represents almost 50% of all social media traffic by users at work. This behavior exposes the organization’s internal systems to risks such as drive-by downloads, social engineering, and malvertising. Incidentally, malvertising makes up over 19% of network traffic and is a growing strategy for attacks.

Where Healthcare Ranks

Coming in at third place overall, healthcare realized over 10% of total attacks out of the 32 million events recorded during the CTAP gathering window of 4 months. Malware and botnet activity was among the top-ranking attack vectors, which attempt to mirror a land-and-expand strategy. These attacks try to infiltrate and export data in order to gain intelligence on patient and financial systems.

Another method exposed and unique to healthcare was automated exploit kits such as Angler and Nuclear. These exploits look to target applications like Flash, Silverlight, and Internet Explorer.  They can infiltrate systems by using the drive-by-download technique.

Other techniques were those of the prevalent ransomware attacks such as TeslaCrypt and CryptoWall 4.0. The data shows an increase in targeted attacks by criminal organizations that aim to hold data for ransom. This method is becoming a highly lucrative business for cyber criminals. With higher payout and virtually untraceable bitcoin payments, this is proving easier than selling the data on the dark web.

The Healthcare Perspective

Healthcare organizations have traditionally been late adopters of technology outside of that which directly impacts patient care. As a result, there is a disproportionate number of health-related applications, network-connected patient monitoring devices, and network-attached gadgets compared to security-related mechanisms in healthcare organizations.

So what do we do with this information, and how can hospital organizations protect the patient’s data while keeping security out of the way, allowing healthcare professionals to do their jobs without impeding patient care?

The Solution

Fortinet’s Cyber Threat Assessment Program (CTAP) is a good place to start in gaining an organizationally broad perspective on how well you rank within the security spectrum against threats both internally and externally.  This program will allow you to see exactly how well your current security solution is performing and help you build a strategy for improving it.

In addition, and with this newfound perspective, Fortinet is able to custom tailor a security solution that helps minimize organizational impact and maximize security posture.  These solutions cover every aspect of your organization’s ability to monitor, detect, mitigate, and prevent cyber threats from impacting patient care and its outcomes. 

The solution platform that Fortinet delivers allows you to bring security closer to the impact site by deploying high-performing next-generation firewall appliances closer to the patient without impacting performance or care. By doing this, potential impacts of viruses, malware, and ransomware are segmented from the rest of the organization, keeping the impact low and manageable should they gain a foothold.

In addition, Fortinet’s wide array of security solutions build upon a solution framework that utilizes a standard operating system (FortiOS) which creates a security platform that will enable consolidation and simplification of deployment and management.  All of this is protected by the proactive security services of Fortinet’s FortiGuard Labs.  This service is consistently rated as superior by NSS Labs, Virus Bulletin, AV Comparatives, and ICSA for its security effectiveness.

You can read more about this and other solutions at