Jax cybersecurity firm tackles healthcare vulnerabilities with innovative approach (Courtesy of JAX Inno) — The nationwide healthcare community faces a pandemic, but it’s not spreading with coughs or sneezing — it’s a cyber one.
A new service from Jacksonville-based cybersecurity consulting firm OnDefend aims to help hospital systems regularly test and prepare against digital threats that put patient safety and data security at risk.
It’s called Ransomware Defense Validation. RDV is delivered through OnDefend’s BlindSPOT system, which emulates real-world threats on a consistent basis to ensure and validate that its defenses are working to protect organizations round-the-clock.
Cyber security training is already built into companies worldwide. However, because of the healthcare sector’s access to secure personal and financial information, hospital systems are considered high-value targets for hackers, explained OnDefend CEO Chris Freedman.
“The golden goose is healthcare information,” he said. “It’s the most valuable information that can be resold on the dark web and things like that. It’s a one-to-many attack — get in one hospital system and access all these patient’s records.”
Normally, companies test cybersecurity with an audit once a year, but RDV will help hospitals stay constantly prepared, said Freedman: “(Once a year) isn’t enough. You wouldn’t practice for the Olympics like that, right?”
Data from global security testing by OnDefend found that 24% of malicious emails bypass secure email gateways and seven out of 10 attack simulation engagements identified exploitable security tool failures.
“Cybersecurity isn’t about setting up defenses and hoping for the best,” said Larry Whiteside Jr., former CISO at Spectrum Health and Women’s Care OBGYN in a press release. “It’s about constantly testing, adapting, and staying ahead of threats. If you’re not testing your security, the attackers will do it for you.”
Healthcare systems are considered critical infrastructure in the U.S. so ensuring they’re fully operational and protected all the time is of high concern. Especially with the integration of artificial intelligence everywhere, including with bad actors, said Freedman, it’s now a numbers game with how hackers will attempt to access secure information.
The goal of RDV is to validate security tools and hold monitoring vendors accountable while simultaneously empowering customers to demonstrate that they are achieving the return on investment as expected.
Security is not a profit-rich sector of business, explained Freedman, so security leadership are often at odds with their board and executives. Showing that the defensive systems work — that return on investment — is crucial for showing those higher up the totem pole that it needs more investment.
It’s similar to home security systems like ADT, where customers assume they’re going to alert and respond when an intruder breaks in. Digitally, BlindSPOT puts that to the test.
Specifically, it tests secure email gateways to filter malicious emails from reaching employee inboxes, threat detection tools that identify and alter security teams to real-world attack activity and threat response teams which respond and neutralize those cyber threats.
“Basically, using the home metaphor, it opens all your doors and windows every day,” said Freedman. “It’s proving that the attack was seen and someone will respond to protect your home.”