1. Behavioral-based analytic platforms and tools. Every piece of malware has a unique "signature," or a pattern of behavior that separates it from other pieces of code, Love explained. Historically, digital protection services have relied on signature-based detection to parse out bad code. The problem with this, Love noted, is that it takes time to observe a pattern, and the longer malware sits on your network, the more damage it does. And that's not even the biggest issue.
"Today's malware changes quite frequently, so what you experience today could be very different tomorrow or next week from the first time you detect it," Love said. "That really renders the signature ineffective."
The good news is there are solutions available, including security software that analyzes the big picture, assessing behavior across your entire digital environment and establishing a baseline of what's normal. "When anything goes beyond normal it flags it as a potential issue and allows you to eradicate it much faster than if you were going through that signature-based process," Love said.
2. Cloud-based security. Cloud-based security – security services or resources made available to users on demand via the Internet from a cloud computing provider's servers - has grown rapidly in recent years. With this growth, cloud-based security has evolved such that it can actually be more secure than on-premise solutions. It's not inherent, he added, you have to build strong security into it, but it's relatively simple to do. This makes the cloud an increasingly good option for healthcare facilities, especially small and mid-size facilities that might not have strong IT departments.
3. The "Internet of Things." The Internet of Things (IOT) refers to all devices with internet connectivity, not just computers. Healthcare facilities are filled with IOT, from medical devices to monitors, and unfortunately, Love said, these devices were not designed with security in mind. "They have lots of security flaws inherent in them, but there are coming advances to detect those and better connect devices to EHR systems and tie the entire eco-system together," he added. This security feature is a bit further off, but it will be a key area of innovation in helping healthcare facilities safeguard their entire environment.
Given the complexities of cyberattacks, Love recommends healthcare facilities form a relationship with a dedicated IT firm that can help plan, prepare for, and respond in the event of a cyberattack. While on-site information security is necessary for monitoring systems, outside firms are experts in fighting the battles against cyber criminals. And do this soon, Love advised, because in the healthcare industry it may just be matter of when you’ll get attacked.