Hospital Cyber ​​attacks cost 600,000 US dollars per hour. This is how AI changes mathematics

In the past few years Medical facilities Was not as vulnerable as now; Hackers had an unwritten rule not to address institutions or services in which a disorder could bring people in physical danger.

But that is no longer the case: Ransomware-as-a-service has increased and stolen medical information has become too much monetizable that have stimulated threats to attack hospitals at unprecedented level.

Alberta Health Services (AHS) does not intend to let yourself be vulnerable – the medical system strengthens its defense with AI.

Provision of AI reinforced cyber surgery from the cyber security platform SecuronixAHS has reduced its average time to react to more than 30%priority incidents. It also reduced false positive warnings by 90% and the workload by 2 to 3 hours a day, which led to hundreds of thousands of dollars of savings.

“Many hospital networks are large, fat, simple destinations,” Richard Henderson, Executive Director and CISO, told Venturebeat. “I don’t sleep much because I’m just afraid to get this call at 2 a.m. The entirety of our surroundings has dropped due to ransomware. “

Do the work of 1,000 (or essentially more) SoC analysts

AHS is the second largest hospital network in North America and the world’s largest individual instance of the Elhr platform for electronic health records (Ehr).

Henderson said that he and his team were responsible for cyber security for 106 hospitals, 800 clinics, 20,000 doctors and 150,000 employees with 4.5 to 5 million Albertans. He described AHS as a “massive on-prem organization”, with each facility being connected to the same epic installation.

So, Henderson noticed: “If it goes down, everyone is concerned. And it is not an exaggeration for me to say that if it goes under it, it could be very well influenced on the life of a patient.”

There is also no exaggeration to say that a complete epic failure-independent of whether it is ransomware or not the province of Alberta could easily cost between $ 500,000 and $ 600,000 per hour, he said.

In order to avoid such situations, AHS has used the “complete spread” of the Securonix platform in its area. This closes the functions for recognition, determination and reaction (TDIR) of the cybersecurity Company via the AI ​​-offered security information and event management platform (SiEM). This offers protocol management, behavioral analyzes and a safety data lake in one package.

Henderson explained that the Medical network Consumes terabytes of data to his Siem and relies on the cloud native architecture of Securonix to process data standardization and routing. Snowflake makes a large part of this backend.

Behavioral analysis is a critical part of AHS’s identification strategy. The platform from Securonix is ​​constantly learning how normal for users, endpoints and systems looks, Henderson explained, which helps his team to catch “the subtle stuff”, like a trusted account that “just a little offside”.

“It is looking for patterns and relationships together,” said Henderson. “You can set 1,000 security analysts, and you still have not enough people to search all telemetry moderates digital enterprises.”

AHS shortens the time until the resolution and improves the reaction times

For example, AHS-controlled AHS tools learn what normal network behavior looks like About his hospitals. If something unusual happens – like a device that suddenly speaks to an external server, it is never contacted before – it is identified immediately. This can lead to security teams to an incorrectly configured tool that may have been exploited if it would otherwise have been unnoticed.

“In the past, these types of misunderstandings have led to catastrophic ransomware outbreaks in other hospital networks,” said Henderson.

Or, like another example: a payload could possibly be suspicious, but it is veiled, which means that people have to try exactly what it is and what it does, noticed Henderson. Now you can ask the platform to de -tast the payload and determine what the attacker tries, and in “literally seconds” it does the whole work.

“In the past few years in which you can speak with a computer, how you speak to one person, has just changed how people think about AI,” he said. “Natural language processing has been around for a long time, but not at this level, and I will continue to blew how good it is.”

As a result, AWS was able to significantly shorten the time for the resolution and the ability to react faster. Henderson said that the average time to react to incidents with high priority has decreased by more than a third compared to the previous year.

This is because AI carries out heavy lifting and analysts helps to understand what happens and what an attacker tries to achieve, emphasized Henderson. In modern cyber security, the AI ​​has become of crucial importance for the detection of networks, endpoint protection, e -mail filtering and other cyber security functions. “My people save hours a day with AI tools,” he said.

The Securonix platform also contributed to reducing the sound, whereby AHS has achieved a significant decline in the wrongly positive statements about its junior analysts, which “really helps with focus and burnout,” said Henderson.

He noticed that there were many discussions about the lower safety processes. But from his point of view: “Ki will not replace junior employees. What it will do is to help you learn faster, to do your work better and to protect the corporate environment.”

Increased attacks make education critically critical

Since AHS is so large and many facilities in the province have the province, the Henderson team has to follow where the greatest volume of incidents takes place. This can help you close whether a certain geographical region is aimed at another.

Henderson pointed out that Calgary and Edmonton are the two largest cities in Alberta. Of course, one would think that they would bear a considerable main load of the attack volume. But that’s not always the case; Smaller rural hospitals are often targeted because the threat players assume that their immune system is weaker.

AI enables him and his team to keep an ongoing dashboard where incidents occur in order to plan additional public relations if necessary. Henderson spends a lot of time on the human side of security, he said and informed the nurses and doctors of AHS about previous attack campaigns so that they understand what they should look for.

“So if we see an increase in our rural hospitals, I will absolutely build an educational campaign to say:” They aim at rural hospitals because they believe that they are a simpler goal. These are the types of things you should look for, “he said.