Attivo Networks Blogs

Urgent Care: Deception-Based Detection Stat!

By: Christina Adams

Healthcare organizations work hard to ensure their patients’ care and their sensitive data remain protected. Those working within the healthcare sector know the importance of optimizing care for their patients through the use of high-tech, state-of-the-art medical devices and online access to medical records.

It’s Time for a Checkup

While healthcare organizations continue to work towards providing their patients with the highest quality care, the start of the new year is an optimal time for IT teams to give their cybersecurity practices a checkup. In its annual study, Ponemon Institute reported that almost 90% of healthcare organizations have been breached and that the average cost of a data breach for a healthcare provider is $2.2 million. In 2018, breaches will only become more sophisticated, pervasive, and costly for healthcare organizations.

Why Healthcare Organizations?

Healthcare organizations are lucrative targets for attackers because of their wealth of sensitive patient data and the relative ease of infiltrating a healthcare organization’s network. Several factors can increase a healthcare organization’s vulnerability. Medical devices with IoT capabilities, for example, provide life-saving benefits for patients, but their transient connectivity can make it challenging to implement traditional network security monitoring. Additionally, providing patients with electronic access to medical records increases patient satisfaction, but poses an additional network security risk. Furthermore, IT teams within healthcare organizations are often limited by budget and resources and may therefore lack the tools necessary to combat today’s attackers.

So What’s the Treatment Protocol?

The answer is not to get rid of IoT medical devices or eliminate computerized physician order entry (CPOE) systems that simplify care and save lives. Healthcare IT teams simply need tools in their arsenal that not only defend the network perimeter but also help IT teams detect and respond to in-network threats efficiently and effectively.

Enter: deception technology. Deception technology is a powerful tool that can help healthcare organizations protect patient data, company assets, and patient lives by turning the network into an environment where the attacker cannot tell what is real and what is fake, ultimately revealing an attacker’s activities as they try to scan systems or attempt to download malware onto medical devices. These deceptive traps detect lateral movement, credential theft, ransomware, and Active Directory reconnaissance.

In addition, deception saves time for IT teams by automating routine security tasks, allowing smaller teams to accomplish more without sacrificing security. However, not all deception is created equal…

The Generic Version Won’t Cut It

Deception-detection solutions vary widely based on comprehensiveness, authenticity, attack analysis, and ability to improve incident response. The Attivo ThreatDefend™ platform combines network and endpoint detection to create the highest efficacy of early detection coverage of advanced threats. Deception is placed at both the endpoint and inside the network, unlike deception solutions that offer one or the other. The platform efficiently detects threats across all vectors, including stolen credentials, man-in-the-middle, ransomware, phishing, and insider threats that often evade traditional perimeter-based systems. For authenticity, Attivo misdirects attackers by creating a camouflage of deceptions that provide advanced luring techniques based on the use of real operating systems, golden images for decoys, and customized endpoint credentials designed to draw in attackers.

Attivo Networks recently established a partnership with Becton, Dickinson, and Company (BD), one of the world’s leading healthcare, safety, and technology organizations. Attivo worked closely with BD to create a customized solution for their infusion devices. BD conducted extensive proof-of-concept (POC) tests, and the Attivo BOTsink proved to provide reliable threat detection. To learn more about the BD solution, click here.

Learn More Before Filling Your Prescription

If you are interested in learning more about how the Attivo Networks ThreatDefend™ platform works and how it has benefitted healthcare organizations, register for the NH-ISAC webinar, Deception-based Threat Detection, Myths and Realities.
