BLOG: Healthcare System Stays in Front of Ransomware Threats with IBM QRadar SIEM

December 16th, 2022

Marie Ashway
Director of Marketing
Power 70 Women of the Channel

 

The FBI’s Internet Crime Complaint Center (IC3) reported a 7 percent increase in cybercrime in the US in 2021, resulting in a loss of nearly $7 billion. In 2022, top crime tactics affecting businesses and individuals include Phishing, Website Spoofing, Ransomware, Business Email Compromise (BEC), Malware, and IoT Hacking.

Today’s hybrid operating environments, with their dynamic variables, require every business to reassess its cybersecurity strategy to ensure that it is aligned with the business and that solutions are integrated to protect digital users, assets, and data from edge to edge.

 

Healthcare Providers Targeted for Ransomware Attacks

Healthcare providers are being specifically targeted for ransomware cyberattacks. As reported by Thomson Reuters, two-thirds (66%) of healthcare organizations were hit by ransomware attacks in 2021, an increase from 34% in 2020.

Patient records are a common target of cyber criminals since healthcare provider operations are dependent on that data. Holding that data hostage is a sure-fire method of crippling patient services.

Identifying, assessing, and managing risks are key to staying in front of these threats. The security team at Mainline has found that IBM QRadar is an effective cyberthreat detection and response solution for a variety of our clients and has delivered business value in the areas of compliance, visibility, and automation.

 

IBM QRadar At a Glance

IBM QRadar is an effective cyberthreat detection and incident response solution for today’s more complex networks. It leverages large data sets and sifts through them quickly to find patterns and anomalies. QRadar can be deployed on premises, in the public or private cloud, and as a SaaS solution.

QRadar is easy to use and compatible with existing security solutions, smoothly integrating into an organization’s current environment. It can also be combined with other IBM products, including Spectrum Scale, Cloud Object Storage and IBM Spectrum Virtualize with integrated IBM Safeguarded Copy, to take actions such as invoking a backup at the sign of a threat. Examples of threats include:

  • Unauthorized delete attempt
  • Admin logon outside of normal operating hours
  • Simultaneous logon from two different geographic locations

In addition to SIEM functionality, QRadar also provides user behavior analytics (UEBA), as well as integration with vulnerability platforms to prioritize risk-based investigations or threat hunting efforts.

 

Use Case – Healthcare Provider Implements IBM QRadar SIEM

 

A major healthcare provider, with whom Mainline has had a long-standing relationship, lacked visibility into end user activity and network traffic and needed a security intelligence platform to monitor and investigate security events.

The provider also had a small staff that lacked cybersecurity expertise. The solution needed to be easily implemented, simply managed, and fit the limited budget.

 

Security Assessments – Step One

The first step taken by Mainline’s security team was to perform a broad range of security assessments, including a vulnerability assessment, HIPAA compliance assessment, and a controls review. These assessments identified gaps in the client’s security program, highlighting the priorities for the architect teams.

 

QRadar Benefits

Armed with information from the assessments, the Mainline and client architect teams concluded that IBM QRadar would provide a robust security information and event management (SIEM) solution, on a single platform.

The use cases they needed were available straight out of the box, reducing the need for custom searches. The healthcare system gained full visibility of the enterprise via a central dashboard, even seeing devices on the network they didn’t know existed.

The QRadar solution has also helped the healthcare provider adhere to compliance requirements. The network traffic logs generated from routers, switches, desktops, servers, medical devices, and IoT are now captured, ingested, and analyzed by QRadar, which provides an automatic alert for compliance violations. Previously these were manual processes, and eliminating them has saved time and allowed the provider to shift resources to other mission-critical activities.

 

Next Steps

As the healthcare system expands, Mainline continues to work with the organization to further develop and mature their security program through additional technology and services offerings.

 

More Information:

Mainline offers a comprehensive portfolio of security, governance, and risk mitigation solutions. If you’re interested in learning more about cybersecurity solutions for your business to keep hackers and threat actors at bay, please contact your Mainline Account Executive directly or click here with any questions.

 
