Health insurers get access to new tech to help thwart hackers
The HITRUST data security collaborative has teamed with cybersecurity vendor Trend Micro to offer providers and payers a security program that works by using deception to prevent hackers from accessing data.
The new product, called CTXDeceptive, makes a dummy mirror system of any information system that an organization is using. By thus deceiving hackers, it enables the security experts of providers and payers to gain knowledge of how hackers work within the dummy site to infiltrate and exploit key systems.
Information gained in this way includes targets of interest and malicious IP addresses and domains; knowing this information makes it possible for security staff to anticipate possible attack paths. The dummy mirror system appears to be legitimate but actually is isolated from other systems and is monitored for incursions.
“It’s a mimic of the real environment, so they feel they are in the environment, and that’s how we see how they operate,” says Chris Albery, director of cybersecurity programs at HITRUST.
After healthcare organizations learn about potential attacks through the deception tool, they can share that information through the HITRUST Cyber Threat Xchange, a project that helps disseminate security information to member healthcare organizations.
The collection and sharing of data on threat actors’ behavior is critical if the healthcare sector intends to improve efforts to fight malicious actors, Albery adds. Those hit by an attack have threat intelligence information that should be shared with the rest of the healthcare community.
Trend Micro is providing cyber expertise, research and lab resources, as well as monitoring and developing alerts, reports, and response and prevention rules. Because of the nature of the decoys, the mirror systems theoretically will have zero false positives, as no legitimate activity should ever occur on those systems, according to HITRUST.
The CTX Deceptive program is being pilot tested now. Information on how to have the program deployed at an organization is available here.