A Proactive Cyber Security Strategy For HIPAA Security Rule Administrative Safeguards
Is Your Organization Protected from the Next Large-Scale Coordinated Cyberattack?
Beginning in 2020, the Federal Bureau of Investigation (FBI) reported a dramatic and sustained increase in the number of complaints to its Internet Crime Complaint Center (IC3), indicating that cybersecurity attacks almost doubled between 2019 and 2020, with a total increase of 300% spanning the previous decade.
During that same time of alarming growth in cybersecurity attacks, in 2020 alone more than $4.2 billion was reported to the FBI in total lost revenue resulting from cybersecurity attacks inside the United States of America. The latest data from 2022 now reports $10.3 billion lost.
Beginning in June of 2023, the number of ransomware attacks more than doubled compared to June of 2022.
This spike in cybersecurity breaches was attributed to one of the largest coordinated cyberattacks in recent history. The Russia-linked ransomware syndicate CLOP exploited a vulnerability in MOVEit, a widely used file transfer software, to distribute ransomware, leading to widespread system disruptions and data loss spanning hundreds of organizations.
As of August 2023, more than 500 organizations and 36 million individuals have been impacted, including healthcare facilities, Federal Government agencies, state and local governments, small and large businesses, and school districts of all sizes.
Health IT Security recently reported that MOVEit-related breaches compromised the electronic protected health information (ePHI) of millions of Americans.
To help combat the recent explosion in cybersecurity attacks, in July of 2022 the National Institute of Standards and Technology (NIST) released a Special Publication (NIST SP 800-66r2 ipd) titled, “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.”
The publication serves as the latest set of guidelines to aid organizations in complying with the HIPAA Security Rule (a published set of requirements and standards for protecting ePHI from the U.S. Department of Health and Human Services).
The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting ePHI. Specifically, covered entities must:
- Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain or transmit
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, impermissible uses or disclosures
- Ensure compliance by their workforce
This cybersecurity report from Trinsio documents an emerging trend in cyberattack prevention that combines new proactive technologies to complement your existing reactive measures offered by next-generation firewall vendors.
A Proactive-Plus-Reactive Strategy Supports HIPAA Security Rule Compliance Within NIST’s Cybersecurity Framework
Let’s examine popular solutions that combine both reactive and proactive strategies leading to better overall network cybersecurity protection.
Reactive Solutions Inside Your Network
Endpoint Detection and Response (EDR)
EDR involves an endpoint security solution that continuously monitors your end-user devices. EDR can detect and often respond to threats including ransomware and malware. Analyst firm Gartner defines EDR as a solution that “records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.”
Extended Detection and Response (XDR)
XDR is an evolution of EDR. XDR extends beyond endpoint detection, offering advanced detection, analytics, and responses across your endpoints, networks, servers, cloud workloads, and other systems. XDR provides a more unified view that includes threat detection, alerts, detailed analysis, and quickly deployed responses to threats.
Security Information and Event Management (SIEM)
SIEM is an approach to security management combining security information management (SIM) and security event management (SEM) functions into one security management system. SIEM systems are designed to collect data from multiple sources, identify abnormalities, then take appropriate action. When an alert is triggered, the SIEM system typically logs information on the alert and instructs other security controls to stop the triggered activity’s progress.
Managed Detection and Response (MDR)
MDR services combine technology and human expertise to perform threat detection, monitoring, and response. A benefit of MDR is that it helps quickly identify a threat and then reduce the impact of that threat using less human interaction, and it therefore has a greater impact within organizations with smaller IT departments.
Proactive Solutions Outside Your Network
Proactive solutions sit in front of your firewall to provide an additional layer of security on top of existing firewalls, MDR, EDR, XDR, and SIEM solutions. Proactive solutions are becoming popular because they add a significant amount of additional security without requiring you to modify or rip-and-replace anything you already have purchased and deployed to protect your network.
Threat-Blocking-as-a-Service (TBaaS)
Most proactive solutions are Active Defense with real-time Threat Intelligence platforms that fall into the Threat-Blocking-as-a-Service category. A TBaaS deployment is quick and painless as you simply place a small preconfigured appliance in front of your firewall then subscribe to the TBaaS service which automatically does the vast majority of the work for you (all within your predetermined budget and protection level).
A TBaaS solution is similar to a blacklisting solution. However, TBaaS services are typically managed by the vendor to automatically and continually update your solution with multiple source lists (up to 50) noting millions of malicious IP addresses curated by the broader cyberintelligence community.
The main advantage of a TBaaS solution is it will comprehensively block a much greater volume of threats from bad actors since it doesn’t rely on a single-sourced blacklist from a firewall vendor.
Your TBaaS deployment can be configured to block outbound traffic in addition to inbound traffic if desired, giving you another line of defense if any malicious code manages to slip into your network. For example, if an already existing piece of malware attempts to pull its payload from an external server on the internet, that outgoing request can automatically be blocked by the TBaaS service.
At Trinsio, we often find upwards of 80% of the total inbound traffic hitting an organization’s firewall is malicious in nature. A recent Trinsio network threat assessment for a rural county government exposed more than 10 million external and internal threats from 108 different countries around the planet – all during a 24-hour period. A TBaaS solution not only provides an additional layer of security, but also improves your firewall’s efficiency by dramatically reducing the amount of traffic your firewall needs to inspect.
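The multi-source blocking described above can be sketched as follows. This is an added illustration, not Trinsio's or any vendor's code: it merges several threat feeds into one deduplicated blocklist and judges inbound flows by source and outbound flows by destination. The feed names, the one-entry-per-line feed format, and all addresses (documentation and benchmark ranges) are constructed assumptions.

```python
import ipaddress

# Constructed sample feeds (documentation address ranges, not real indicators).
FEEDS = {
    "feed_a": ["198.51.100.0/25", "203.0.113.7", "# comment line"],
    "feed_b": ["198.51.100.128/25", "203.0.113.7", "192.0.2.44 ; note text"],
    "feed_c": ["203.0.113.0/29", "not-an-ip"],
}

def parse_feed(lines):
    """Parse one feed: an IP or CIDR per line, '#' comments, optional ';' notes."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # skip a malformed entry instead of failing the whole update
    return nets

def build_blocklist(feeds):
    """Merge every feed, dropping duplicates and collapsing overlapping ranges."""
    merged = [n for lines in feeds.values() for n in parse_feed(lines)]
    v4 = [n for n in merged if n.version == 4]
    v6 = [n for n in merged if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))

def is_blocked(blocklist, direction, src, dst):
    """Inbound flows are judged by their source, outbound flows by their destination."""
    remote = ipaddress.ip_address(src if direction == "inbound" else dst)
    return any(remote in net for net in blocklist)

if __name__ == "__main__":
    merged = build_blocklist(FEEDS)
    single = build_blocklist({"feed_a": FEEDS["feed_a"]})
    flows = [  # constructed flows: (direction, source, destination)
        ("inbound", "198.51.100.200", "10.0.0.5"),
        ("outbound", "10.0.0.8", "192.0.2.44"),
        ("outbound", "10.0.0.8", "198.18.0.10"),
    ]
    for direction, src, dst in flows:
        print(direction, src, "->", dst,
              "single-feed:", is_blocked(single, direction, src, dst),
              "merged:", is_blocked(merged, direction, src, dst))
```

The first flow is caught only by the merged list, and the second is the outbound case from the text: an internal host reaching a listed external address.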
Trinsio Analysis: The Cost of A Proactive-Plus-Reactive Strategy
Trinsio finds that adding a proactive TBaaS component to your existing reactive next-generation firewall hardware and software subscriptions on average increases your network security spend by approximately 20 percent.