Security check-up: How Cullman Regional Medical Center uses Darktrace to secure its patient data
Cullman Regional Medical Center strives to improve the health of our community by providing excellent medical resources. We have over 50 providers offering a wide range of specialized care across our offices in Cullman and Hartselle, Alabama.
To deliver the best services possible, we rely on technology. Staff members record medical histories in digital files. Guests interact with us through online portals. Medical IoT devices collect patient data. Yet the same digital adoptions that make healthcare more efficient also present vulnerabilities that threat actors can exploit to gain access to our digital systems.
Another major concern comes from insider threat, whether malicious or accidental. Data security depends on user compliance, which can be hard to enforce and monitor. Even unintentionally, medical professionals can introduce risk simply by bringing personal devices, such as smart phones or watches, into the network.
In late 2020, the FBI, CISA, and HHS issued a warning after the number of cyber-attacks targeting the healthcare sector reached record highs. The agencies cautioned that cybercriminals could exploit malware like TrickBot to harvest credentials, hijack resources to mine crypto-currencies, exfiltrate data, and deploy ransomware.
The attacks targeting the healthcare sector have gone up in frequency and complexity. While protecting our digital infrastructure and patient data has become increasingly difficult, it remains vitally important. That’s why we deployed Darktrace.
High stakes healthcare security
The consequences of cyber-attacks in medicine can be devastating. Lost or stolen medical records can damage a hospital’s reputation and cost millions of dollars. According to a Ponemon Institute study, the financial cost of a data breach in the healthcare sector can cost two to three times more than a breach in any other industry.
Beyond reputational or financial harm, cyber-attacks against hospitals and clinics can be lethal. They can force ambulances to be re-routed, surgeries to be postponed, and treatment options to be scaled back. In 2021, over 45 million patients were impacted by cyber-attacks on healthcare centers, and almost 25% of Health Delivery Organizations found that cyber-attacks increased patient mortality rates.
Darktrace protects our digital infrastructure to avoid these consequences. Its Self-Learning AI learns our organization— from the laptops and servers to the IoT devices to the users themselves— to recognize what constitutes our “pattern of life.” The AI then uses this information to identify the subtle behaviors that indicate a cyber-attack. Once an attack is detected, Autonomous Response reacts with surgical precision to neutralize it without disrupting our normal digital activity.
Darktrace is always on and can detect and respond to attacks within seconds, providing another layer of security for our hospital and clinics. Darktrace’s approach, based on understanding our organization to create bespoke security, allows the AI to spot threats that slip by traditional security tools, which rely on rules and signatures. In this way, Darktrace can detect insider threats, too.
Finally, not only does Darktrace protect us by stopping cyber-attacks, but it also serves as a deterrent to threat actors by making us a harder target.
Protection in action
Darktrace has successfully helped us monitor and protect our digital estate. We have used it to examine suspicious traffic and troubleshoot access related problems. Darktrace’s Cyber AI Analyst investigates attacks and translates its findings into understandable explanations displayed in a single screen.
Darktrace has proven its value to us on multiple occasions. The same day that one of our clinic managers installed a new file transfer protocol, Darktrace identified traffic going out over an unencrypted port. With its visibility and understanding of our cyber landscape, Darktrace detected this abnormal action and responded at machine-speed. It protected us from exposing personal patient data.
Another time, Darktrace noticed someone on our guest network running a network snooping tool, triggering us to remove their computer from the network. While it was only on our guest network, the threat actor could have been targeting the patients that were using it. Darktrace protected them, helping us live up to our goal of serving our guests with compassion and respect.
Keeping our organization healthy
We do not have a large enough IT staff to constantly monitor all traffic across our digital estate, so Darktrace supplements and augments our team. The AI continuously monitors our cyber landscape and responds to attacks without disrupting our normal digital activities. Moreover, it works at all times of the day, even when I am not online. By handling the maintenance of our security, Darktrace buys my team time to work on other projects.
The cyber security of our organization is crucial for the safety of our patients and practitioners. Since deploying Darktrace, my team feels reassured that our security posture can handle any attacks that come our way. Darktrace is a valuable tool in our security stack.