{"id":2941,"date":"2016-03-07T20:15:42","date_gmt":"2016-03-07T20:15:42","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=2941"},"modified":"2020-05-06T10:30:03","modified_gmt":"2020-05-06T17:30:03","slug":"keeping-geisinger-health-systems-network-safe-from-predators","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/company\/keeping-geisinger-health-systems-network-safe-from-predators\/","title":{"rendered":"Keeping Geisinger Health System\u2019s Network Safe from Predators"},"content":{"rendered":"

The news that the electronic healthcare records of a Los Angeles organization were held for cyber-ransom in February wasn\u2019t a surprise to those who follow such attacks. An article in\u00a0Modern Healthcare<\/a>\u00a0quoted an expert from the Rand Corporation as saying that \u201chealthcare organizations, along with small businesses and schools, make good targets for ransomware attacks because they don’t typically have the sophisticated backup systems and other resilience measures that are typical at large corporations.\u201d The article also cited two smaller healthcare organizations that had been hit by ransomware attacks in 2012 and 2014.<\/p>\n

Ransomware is just one way that healthcare and other industries are targeted by cybercriminals. Another common tactic for cybercriminals is data exfiltration; that is, the theft of confidential data for nefarious purposes. (For a look at a number of the issues health care IT executives face, see this\u00a0report<\/a>\u00a0from the firm Independent Security Evaluators.)<\/p>\n

One healthcare organization that has less reason to worry about these issues is\u00a0Geisinger Health System, serving more than 2.6 million residents in central and northeastern Pennsylvania. Geisinger deployed a solution based on patented Infoblox Grid\u2122 technology that includes Infoblox DDI, Reporting, DNS Firewall, and DHCP Fingerprinting. Because of our proximity to the fundamentals of the network, Infoblox can provide context on security alerts \u2013 for example, identifying compromised devices by their IP addresses and providing a history of their activity through DHCP logs.<\/p>\n

Rich Quinlan, one of three technical analysts responsible for DNS and DHCP services at Geisinger and its affiliates, reports that the Infoblox technology found a security issue almost immediately. \u201cWe were doing an evaluation of DNS Firewall, and during that evaluation\u2014even though we have incident detection and prevention systems and firewall logging\u2014we detected a ultrasound machine that was attempting to communicate with a known (malicious) command-and-control server,\u201d Quinlan said in a recent\u00a0case study<\/a>.<\/p>\n

DNS Firewall detected the outbound communication, and Infoblox DHCP fingerprinting\u2014which captures the device type for an assigned IP address issued as part of the DHCP process\u2014enabled Quinlan\u2019s team to quickly and accurately identify the offending device so that the threat could be contained before it spread across the network.<\/p>\n

Quinlan underscores the seriousness of this kind of threat. \u201cIn spite of all the conventional steps we take to protect our internal network, patient care could still be affected. We could have an entire hospital full of useless ultrasound devices because one was brought in with a virus and we have no control over them. And if it was able to exfiltrate data, we would have a Health Insurance and Portability Accountability Act (HIPAA) compliance issue.\u201d<\/p>\n

Equally important for the health care industry, Quinlan adds, the Infoblox technology \u201chas been one of the most reliable systems that we have in the entire organization. We have had zero unexpected downtime in the three years that it\u2019s been in place, and that’s very rare in this day and age. I can sleep better at night knowing that we are not going to have a system failure.\u201d<\/p>\n

To read the full case study, click\u00a0here<\/a>. And you can watch Rich Quinlan talk about his experience with Infoblox here:<\/p>\n