
Hospital cyber attacks cost $600K/hour. Here’s how AI is changing the math




In past years, medical facilities were not as vulnerable as they are now; hackers had an unwritten rule not to target institutions or services where disruption could put people in physical danger.

But this is no longer the case: ransomware as a service has proliferated and stolen medical information has become highly monetizable, attracting threat actors to attack hospitals at unprecedented levels.

Alberta Health Services (AHS) does not intend to be vulnerable: the medical system is strengthening its defenses with AI.

By deploying AI-reinforced cyber operations from the cybersecurity platform Securonix, AHS has reduced its average time to respond to high-priority incidents by more than 30%. It has also reduced false-positive alerts by 90% and workloads by 2 to 3 hours a day, which led to hundreds of thousands of dollars in savings.

“Many hospital networks are large, fat and easy targets,” Richard Henderson, AHS executive director and CISO, told VentureBeat. “I don’t sleep much because I’m just terrified to receive this phone call at 2 a.m. to say that the entire environment has dropped due to ransomware.”

Do the work of 1,000 SOC analysts (or much more)

AHS is the second-largest hospital network in North America and the largest single body on the electronic health record (EHR) platform.

Henderson explained that he and his team are responsible for the cybersecurity of 106 hospitals, 800 clinics, 20,000 doctors and 150,000 staff members serving 4.5 to 5 million Albertans. He described AHS as a “massive organization on site”, with all the facilities connected to the same Epic installation.

Thus, Henderson noted: “If it goes down, it decreases for everyone. And it is not hyperbole for me to say that if it drops, it could very well have an impact on the life of a patient.”

Nor is it an exaggeration to say that a complete Epic outage, whether linked to ransomware or not, could easily cost the province of Alberta $500,000 to $600,000 an hour, he said.

To avoid such situations, AHS has deployed the “complete spread” of the Securonix platform in its environment. This includes the cybersecurity company's threat detection, investigation and response (TDIR) capabilities via its AI-powered security information and event management (SIEM) platform. This provides log management, behavioral analytics and a security data lake in one package.

Henderson explained that the medical network ingests terabytes of data into its SIEM and relies on Securonix's cloud-native architecture to manage the normalization and routing of the data. Snowflake powers a large part of this backend.

Behavioral analytics is an essential element of AHS’s detection strategy. The Securonix platform is constantly learning what is normal for its users, endpoints and systems, Henderson explained, which helps his team catch “subtle things,” such as a trusted account behaving “just a bit out.”

“It is looking for models and sewing things together,” said Henderson. “You can hire 1,000 security analysts and you still wouldn’t have enough people to be able to sift through all the telemetry that modern digital companies consume.”

AHS reduces resolution time, improving response times

For example, AHS's tools learn what normal network behavior looks like across its hospitals. When something unusual happens, like a device that suddenly talks to an external server it has never contacted before, the platform flags it right away. This can lead the security teams to a misconfigured tool that could have been exploited had it gone unnoticed.

“These types of configuration errors have led to catastrophic ransomware epidemics in other hospital networks in the past,” said Henderson.
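
The "device suddenly talks to an external server it has never contacted before" check described above can be sketched as a first-seen-destination detector. This is an added example, not Securonix's or AHS's implementation; the device names, addresses, internal network range and seven-day learning window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the networks treated as "internal" for this sketch.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records (device, destination IP, day number); not real data.
FLOWS = [
    ("imaging-ws-12", "10.4.2.9", 1),        # internal traffic, ignored
    ("imaging-ws-12", "203.0.113.20", 1),    # seen during learning window
    ("imaging-ws-12", "203.0.113.20", 5),
    ("imaging-ws-12", "198.51.100.77", 9),   # never contacted before
    ("imaging-ws-12", "198.51.100.77", 10),  # repeat, already reported
    ("nurse-station-3", "192.0.2.44", 9),    # new device, still learning
    ("nurse-station-3", "10.4.2.9", 20),
]


def is_external(ip):
    """True when the address is outside every configured internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def first_seen_external(flows, learn_days):
    """Return (day, device, dst) for each external destination a device
    contacts for the first time after its own learning window has ended."""
    baseline = defaultdict(set)   # device -> external destinations seen so far
    first_day = {}                # device -> day the device was first observed
    alerts = []
    for device, dst, day in sorted(flows, key=lambda f: f[2]):
        first_day.setdefault(device, day)
        if not is_external(dst) or dst in baseline[device]:
            continue
        # A device that just appeared builds a baseline before it can alert,
        # so newly deployed equipment does not flood analysts with noise.
        if day - first_day[device] >= learn_days:
            alerts.append((day, device, dst))
        baseline[device].add(dst)  # report each new destination only once
    return alerts


if __name__ == "__main__":
    for day, device, dst in first_seen_external(FLOWS, learn_days=7):
        print(f"day {day}: {device} contacted new external host {dst}")
```
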

Or, as another example, a payload may be flagged as potentially suspicious, but it is obfuscated, which means that humans must try to understand exactly what it is and what it does, Henderson noted. Now, they can ask the platform to deobfuscate the payload and determine what the attacker tried to do, and in “literally seconds,” it does all the work.

“For the past two years to be able to talk to a computer as you are talking to a person has just changed the way people think of AI,” he said. “The treatment of natural language has existed for a long time, but not at this level, and it continues to make me breathe how good it is.”

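As a result, AHS has been able to considerably reduce resolution time and improve its ability to react more quickly. Henderson said the average time to respond to high-priority incidents is down more than a third compared to last year.

Indeed, AI does the bulk of the work, helping analysts to understand what is going on and what an attacker is trying to achieve, said Henderson. In modern cybersecurity, AI has become extremely important for network detection, endpoint protection, email filtering and other cybersecurity functions. “My people save hours a day using AI tools,” he said.

The Securonix platform has also helped to reduce noise, with AHS seeing a substantial drop in false positives reaching its junior analysts, which “really helps to concentrate and avoid professional exhaustion,” said Henderson.

He noted that there are many discussions about AI replacing the lower levels of security operations. But from his point of view, “the AI will not replace the junior staff. What it is going to do is help them learn more quickly, better work and protect the corporate environment.”

The increase in attacks makes education critical

Because AHS is so large, with many facilities across the province, Henderson's team must track where the largest volume of incidents occurs. This can help them deduce whether a specific geographical region is being targeted over another.

Henderson stressed that Calgary and Edmonton are the two largest cities in Alberta, so naturally, one might think that they would bear the brunt of attacks. But this is not always the case; small rural hospitals are often targeted because threat actors assume that their defenses are weaker.

AI allows him and his team to keep a running dashboard of where incidents occur so they can plan additional awareness efforts if necessary. Henderson spends a lot of time on the human side of security, he said, educating AHS’s nurses and doctors about previous attack campaigns so that they understand what to look for.

“So, if we see an increase in our rural hospitals, I will absolutely build an education campaign to say: ‘They target rural hospitals because they think you are an easier target. These are the types of things you should look for,’” he said.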

The increase in attacks makes critical education

The AHS being so large, having many facilities covering the province, the Henderson team must follow where the largest volume of incidents occur. This can help them deduce if a specific geographical region is targeted on another.

Henderson stressed that Calgary and Edmonton are the two largest cities in Alberta, so naturally, one might think that they would support a big attack. But this is not always the case; Small rural hospitals are often targeted because threat actors assume that their defenses are lower.

The AI ​​allows him and his team to keep an executed dashboard where incidents occur to plan additional awareness if necessary. Henderson spends a lot of time in the human side of security, he said, educating Ahs’ nurses and doctors in previous attack campaigns so that they understand what to look for.

“So, if we see an increase in our rural hospitals, I will absolutely build an education campaign to say:” They target rural hospitals because they think you are an easier target. These are the types of things you should look for, “he said.


