Mastering Cyber Threat Intelligence to Protect Patient Safety
At the HIMSS Global Health Conference & Exhibition in Las Vegas, two experts, Jon Moore and Michael Gross, shed light on how healthcare organizations can stay one step ahead of cyber threats through threat intelligence. Moore is chief risk officer and senior vice president of consulting services and client success at Clearwater Security and Compliance; Gross is manager of cyber intelligence at the Cleveland Clinic. They emphasized the importance of understanding how to interpret and leverage threat intelligence in combating cybersecurity threats.
"It's hard to miss the daily announcements of some sort of ransomware attack or cyberattack," said Moore. "The attacks are becoming more and more sophisticated." Gross added, "Because cyberthreats are escalating in frequency and severity, staying on top of threats through intelligence sources is vital."
Moore and Gross stressed that incorporating threat intelligence into a holistic cybersecurity strategy is essential for healthcare organizations to protect patient safety. They highlighted the importance of distinguishing between different tactical cybersecurity strategies and how each is leveraged as part of a larger cybersecurity strategy. This, they noted, is crucial given that global threat actors are targeting the U.S. healthcare industry.
Data from recent years reveals that 244 threat actors exist and are targeting U.S. industries as a whole, with 114 going after the U.S. healthcare industry alone. Seventy-five breaches that resulted in hacking were reported to the Office for Civil Rights in the last 12 months. The frequency of attacks is alarming, with an average of 2,018 weekly attacks on healthcare institutions, representing a 32% increase over last year.
Patient safety is also a growing concern, as data has shown that 22% of providers who experienced ransomware attacks reported increased mortality rates following the attack. "Attacks can impact the lives of patients who are depending on those systems," said Gross. Moore noted that it can take one to three months for an institution to recover from a ransomware attack, which can have significant financial implications.
What is Cyber Threat Intelligence?
Cyber threat intelligence (CTI) refers to the collection and analysis of data related to current and emerging cyber threats. It provides insights into attacker tactics, techniques, and motivations, as well as key indicators of compromise (IOCs), enabling organizations to proactively detect, prevent, and respond to cyberattacks.
Moore explained that CTI includes two types: tactical and strategic. Tactical CTI focuses on specific cyber adversaries and operations, providing information on how a threat actor operates, including their motives, capabilities, and potential next steps based on past behavior. Strategic CTI provides a broader view of potential threats and their implications, supporting informed decisions about resource allocation, policy updates, and long-term planning.
The Six Stages of the CTI Life Cycle
Moore and Gross emphasized that understanding the six stages of the CTI life cycle is crucial for effective threat intelligence. These stages are:
- Planning and direction
- Collection
- Processing
- Analysis
- Dissemination
- Feedback
Leveraging CTI: From Reactive to Proactive Approach
Moore and Gross stressed the importance of moving from a reactive to a proactive approach when it comes to leveraging CTI. This means integrating threat detection into security tools, conducting threat hunting, informing incident response, improving vulnerability management, and enhancing awareness and training.