The same strategies used by the U.S. military can be tuned to help healthcare executives stay nimble and prepared for real threats.
Hospitals are facing attacks from every angle, whether it be their domain name system or the connected medical devices keeping their patients alive. Compounding this issue is the fact that few specific healthcare guidelines for training and readiness exist beyond compliance checklists. Even the 2017 report from the Health Care Industry Cybersecurity Task Force stated that the NIST frameworks do not offer enough guidance specific to the healthcare industry.
Military War-Games: The New Healthcare Vulnerability Tests
The missing element in the healthcare industry’s approach is a focus on cybersecurity staff, according to Laura Lee. Lee developed the first-ever “Cyber Protection Team Crew Operations Manual for U.S. Military Forces and National Guard Teams” for the Department of Defense.
From her experience with the military manual, Lee pointed to ways healthcare cybersecurity staff can stay current and nimble even as new threats emerge daily.
First, the sector needs applied information-sharing groups: sharing of cyberattack techniques and mitigation strategies is still uncommon today.
She recommended exercises built on realistic scenarios as the best information-sharing strategy. Using generic networks in a virtual world that include systems and policies used throughout the health sector, cybersecurity staff and their leadership should come together in exercises on a continuous basis, quarterly.
“Healthcare organizations should create realistic scenarios using the typical threat actors seen in this sector,” Lee said. Those scenarios should also take into account known threats that are not necessarily targeting healthcare specifically, or at least not doing so yet.
Lee’s second tactic is to regularly perform war games with recent threats, new procedures and advanced tools as the cyber-threat landscape continually evolves. Even during the height of the WannaCry ransomware attack on hospitals in May 2017, adversaries were altering and refining their techniques.
“The best cybersecurity defenders get ahead of threat evolution by practicing as a team against actual threat actors – Deep Panda, Anonymous – and share applied knowledge of best tactics, techniques and procedures,” Lee said. “By understanding trends in healthcare cyberattacks at the fundamental level, the defenders understand the detailed underpinnings and not just the signatures or indicators of compromise.”
Lee’s preference is to create a war game in a virtual environment in order to actually understand what the threat activity looks like, the timelines, artifacts and how the threat interacts with specific defense systems.
Healthcare cybersecurity staff can create war gaming scenarios for their specific environment and emulate threat actors they have encountered or understand are present in the sector. Unfortunately, there are plenty of real-world examples of recent attacks in the healthcare industry to use as a starting point.
“Healthcare businesses, at all levels of size and complexity, can first develop their mission impact model and then train their teams,” she said. “Finally, they can bring this knowledge together to share their policy templates, risk mitigation strategy and lessons learned in a proactive manner.”