Attivo Networks Blogs

Cyber Deception for Improving Security Health in the Healthcare Industry

Authored by Carolyn Crandall, Chief Deception Officer, Attivo Networks

Over 38 million patient records have been compromised in breaches so far this year, compared with just 12 million in 2018. This alarming statistic shows that, despite increased education on cyber safety, healthcare providers are still struggling to protect patient PII and other sensitive data. Even robust prevention defenses are proving inadequate at stopping attackers once they are already inside the network.

Insider threats remain the number one risk for healthcare organizations. Whether they come from employees, contractors, or suppliers, insiders start with the advantage of already being inside, often with privileged access to the network and to sensitive information. Ransomware is also emerging as a popular tactic for cybercriminals looking to extort money from healthcare organizations. These attacks are happening at an unrelenting pace, with reports of them occurring weekly, and in some weeks daily.

Detecting threats that have bypassed prevention defenses has become harder, because attacks can now originate from many different attack surfaces. Higher-risk IoT devices are an increasingly targeted entry point. The 11 zero-day vulnerabilities collectively named URGENT/11 add to that risk. URGENT/11 deserves serious attention because it lets attackers take over affected devices remotely with no user interaction and can bypass firewall and NAT perimeter protections. It affects a wide variety of devices, including patient monitors, MRI machines, SCADA systems, industrial controllers, firewalls, printers, and VoIP phones, to name a few. Products from over 20 vendors are affected, and the VxWorks TCP/IP stack in which the flaws live is used in some 2 billion devices. Because the flaws are exploitable over the network without user interaction, they could be used to propagate a worm into and throughout networks, much as attackers used the EternalBlue exploit to spread WannaCry. We have already seen the damage that attack method causes, and it is incumbent on us to prevent a repeat.

Detecting exploitation of URGENT/11, ransomware, and other forms of attack is critical. Organizations, both small and large, need a new approach to reduce their risk and prevent a devastating attack. Deception technology plays an essential role in cybersecurity defense for healthcare organizations because it detects a wide range of attacks and gives information security teams actionable, high-fidelity alerts. Whether intruders originate from insider threats, compromised IoT devices, unsecured remote networks, or other sources and attack surfaces, deception technology provides visibility into policy violations and unauthorized access attempts early in the attack cycle.

Cyber deception works by levelling the playing field with the adversary. With deception technology in place, a single misstep by an intruder reveals their presence. Intruders have to navigate traps, lures, and breadcrumbs that force them to guess right every time they move within the network, and because no legitimate user has any reason to touch a decoy, one slip-up is enough for the platform to detect the attacker and study them within the deception environment. Once attackers engage, defenders can also gather intelligence about their tactics and goals.
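The mechanism behind "one slip-up is enough" is easiest to see with a breadcrumb: a decoy credential planted on endpoints that no legitimate user or service ever uses. The script below, an added example that is not Attivo's code, plants nothing itself; it only shows the detection side, scanning a constructed, simplified export of Windows logon events (4624 success, 4625 failure) for any authentication attempt with a decoy account and grouping the hits by source host so a responder knows where the credential was harvested. The decoy account names, the log line format and every log line are assumptions made for illustration.

```python
"""Honeytoken detection: alert whenever a planted decoy credential is used.

Added example, not Attivo's code. The decoy account names, the log format and
the sample log lines are all constructed for illustration.
"""
import re
from dataclasses import dataclass

# Decoy accounts planted on endpoints (e.g. saved in a credential store or a
# config file). They have no legitimate use, so any authentication attempt
# with them is, by construction, a high-fidelity indicator of credential theft.
DECOY_ACCOUNTS = {"svc_backup_legacy", "hl7_admin_old"}

# Constructed log lines in a simplified key=value export of Windows logon
# events (4624 = success, 4625 = failure). Real exports differ in layout.
SAMPLE_LOGS = [
    "2019-10-03T02:14:07Z host=WS-RAD-07 event=4624 user=nurse.jones src=10.20.4.15 logon_type=2",
    "2019-10-03T02:15:41Z host=FS-EHR-01 event=4625 user=svc_backup_legacy src=10.20.4.15 logon_type=3",
    "2019-10-03T02:15:43Z host=FS-EHR-01 event=4625 user=svc_backup_legacy src=10.20.4.15 logon_type=3",
    "2019-10-03T02:16:10Z host=DC-01 event=4624 user=svc_backup_legacy src=10.20.4.15 logon_type=3",
    "2019-10-03T02:20:02Z host=MRI-CTRL-2 event=4624 user=radtech src=10.20.9.3 logon_type=10",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) logon_type=(?P<ltype>\d+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str        # where the attempt came from: the likely compromised host
    target: str     # where the decoy credential was presented
    user: str
    succeeded: bool


def parse(line):
    """Return the fields of one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_decoy_use(lines, decoys=DECOY_ACCOUNTS):
    """Return one Alert per authentication event that uses a decoy account.

    Failures (4625) and successes (4624) are both reported: a failure means
    the attacker harvested the decoy and is trying it; a success means some
    host accepted a decoy, which should only ever happen on a deception host.
    """
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["user"] not in decoys:
            continue   # unparsable lines and real users are skipped, not alerted on
        alerts.append(Alert(
            ts=rec["ts"], src=rec["src"], target=rec["host"],
            user=rec["user"], succeeded=rec["event"] == "4624",
        ))
    return alerts


def summarize(alerts):
    """Group targets by source IP: the host to pivot to during incident response."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a.src, set()).add(a.target)
    return {src: sorted(targets) for src, targets in by_src.items()}


if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_LOGS)
    for a in found:
        print(f"{a.ts} DECOY {a.user} used from {a.src} against {a.target} "
              f"({'SUCCESS' if a.succeeded else 'failure'})")
    print("decoy use by source host:", summarize(found))
```

Run against the sample, the script flags three events, all from 10.20.4.15: two failed attempts against the file server followed by a success against the domain controller. The nurse and radiology technician logons produce no alert, which is the point: the detector's precision comes from the decoy having no legitimate use, not from any heuristic about normal behaviour.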

The automated attack analysis capabilities of deception technology speed up investigation and streamline incident handling through customizable analysis and response actions. High-fidelity alerts let security teams focus their time and resources where they matter, further increasing efficiency.

Additionally, by analyzing attack paths and observing how attackers move laterally within the network, deception technology can interweave a decoy fabric throughout the environment, placing decoys along the paths attackers are likely to take, to better prepare for and defend against future attacks.

Since the frequency of attacks targeting healthcare organizations is unlikely to decrease anytime soon, deploying scalable technology that provides accurate in-network visibility and early detection across a wide range of attack surfaces will only grow in importance.

To learn more about how the Attivo ThreatDefend deception technology solution serves the healthcare industry, click here.
