The Unexpected Benefits of Network Analysis

From removing ransomware to identifying exposed ePHI, network analysis in healthcare environments is more powerful than originally thought
Peter Kelly, Global Head of Customer Success & Chad Holmes, Security Evangelist
Feb 24, 2023

The ongoing cyber attacks on the healthcare industry are driving forward-thinking leaders to explore and adopt a variety of defense and detection strategies. From increasing investments in cybersecurity insurance to extending in-place IT protections, there are a variety of approaches with unexpected and often productive results.

One commonly explored approach seen among Cynerio’s customer base is increased analysis of network traffic. The immediate value is often clear - passive traffic analysis enables deep packet inspection (DPI) which provides insight into the thousands of IoT, IoMT, OT and IT devices found throughout a hospital. Further analysis allows for identification of network-level security practices like microsegmentation that can drastically reduce the risk of malware and ransomware attacks spreading.

What often surprises customers is the number of additional benefits provided by the platform Cynerio has built on top of the collector performing DPI. In the world of cybersecurity the vast majority of surprises are unpleasant, so take a break from the stress and enjoy the 9 most helpful surprises our customers experience:

  • Removing Ransomware - Most healthcare environments have invested heavily in protecting traditional IT. Unfortunately, traditional protections are only able to detect traditional attacks. Cynerio’s Attack Detection & Response capabilities routinely identify malware and ransomware attacks attempting to replicate throughout a network. Better yet, those attacks are often validated and fully addressed in under two hours!
  • Exposed ePHI - Data breaches are among the top IT concerns for all healthcare environments, but we still see over 50 million records exposed each year. Cynerio’s research team is able to identify exposed ePHI before hackers do. Better yet, many of the fixes are so simple they can be done within a few minutes through simple configuration changes!
  • Crazy Credentials - From easily guessable passwords to default credentials, numerous systems are at risk due to basic user credential usage. Cynerio’s device and network analysis is able to identify, validate and alert teams on these areas of weakness.
  • Illegitimate Integrations - Cynerio’s 2022 State of IoMT Device Security report identified 293 individual vendors who deployed millions of devices across our customer base. In some cases those vendors also configured unapproved external connections to help track, maintain and update the devices. While not directly malicious, these unknown connections can greatly expand the number and types of risks an environment is exposed to.
  • Drifting (and Devious) Devices - As customers begin monitoring network activity they often find that devices intended for one VLAN have drifted to entirely different VLAN, resulting in unexpected expansion of risk. Even worse, devices tend to magically appear with no prior knowledge. From vendor firewalls to Teslas and gaming systems, identifying and securing unexpected devices can often be done within the first few weeks of deployment.
  • OT Optimization - Individual devices like infusion pumps and CT machines aren’t the only technology hospitals have challenges maintaining. Large scale OT systems that focus on facility automation and control present their fair share of problems. Cynerio’s forensic capabilities provide guidance and insight during troubleshooting to help ensure OT systems are running as efficiently as possible.
  • Perfecting Patches - No one likes an audit, especially when the findings require drastically improved patch management processes. Cynerio’s Preventative Risk Management offering not only identifies devices, but also analyzes them to identify needed patches and other security upgrades.
  • Meticulous Maintenance Management - Computerized maintenance management systems (CMMS) are notorious for a variety of errors due to lacking visibility, data entry errors and procedural gaps. Deep Packet Inspection (DPI) allows ongoing, automated identification of devices which can then be used to reconcile, track and update data in CMMS systems. For those unsure of where to start, CMMS analysis can also be performed in a matter of days to identify risks in currently known devices.
  • Prioritized Problem Solving - Hospitals are faced with lots of problems but surprisingly few solutions. Even the most advanced analysis engines become ignored if they are too noisy or difficult to use. That’s why adoption of standard frameworks like CVSS and EPSS help Cynerio customers not only discover issues, but also properly prioritize them based on a combination of severity and likelihood.

Beyond these helpful surprises, the Cynerio team also has a full Cynerio Live research team that dedicates 100% of their focus to healthcare research and defense. From hijacked robots to defining impacts of cyber attacks on patient care, this team informs the broader healthcare community while rapidly advancing the capabilities of our offerings. Join them on March 14, 2023 as they discuss real-life attacks that they’ve identified, addressed and removed from customer environments before they evolve into widespread outages.

Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability