Securing the Perimeter for Healthcare Organizations: SSL Traffic Inspection
By Jonathan Tan, Regional Vice President, ASEAN & Pakistan, A10 Networks
Ransomware has been around for nearly a decade and is fast becoming the attack of choice for cyber criminals targeting healthcare organizations. In a recent survey by Healthcare IT News and HIMSS Analytics, about 50% of healthcare organizations said they have no way of identifying these types of attacks. It’s disturbing that their customer data could be at risk right now, and they may not even be aware of it. In our view, healthcare organizations are at risk of ransomware attacks primarily because of SSL encrypted traffic.
In this article we look at two key reasons why the healthcare sector is an attractive target for ransomware attacks, and why SSL inspection is essential for defending against them.
Two Key Reasons Why Healthcare Organizations Are Being Hit
- Patient data is crucial in life-and-death situations, so healthcare organizations don’t have the luxury of holding out on paying the ransom.
- Because of Health Insurance Portability and Accountability Act (HIPAA) patient privacy regulations, the majority of communications require SSL encryption.
Leveraging a Good Thing to Do Harm
Healthcare security professionals embrace SSL encryption and agree that it’s necessary for patient privacy protection. But hackers are using encryption to their advantage by locking down valuable patient data and then demanding a ransom for the decryption key. Once ransomware gets into your system or network via malware embedded in email attachments or drive-by downloads, it hides behind various obfuscation techniques to evade network security defenses. Malware can be concealed in encrypted traffic to bypass controls put in place by healthcare organisations. Today, 8 of the top 10 websites in the world use encrypted traffic – think Facebook, LinkedIn, Google, YouTube and more.
The Antidote: SSL Inspection
SSL inspection is essential for defending against ransomware. Here’s why:
- Intrusion detection systems (IDS)/intrusion prevention systems (IPS), network monitoring, and other traditional defenses can’t inspect encrypted traffic. It’s estimated that close to 70% of current Web traffic is encrypted. Yet despite this, 80% of organizations with firewalls, IPS, or Unified Threat Management appliances do not decrypt SSL traffic. This could be because, as NSS Labs discovered, the performance of seven leading NG Firewalls fell an average of 81% when decrypting SSL traffic with 2048-bit keys. So, unless advanced SSL decryption technology is deployed to enhance their existing security devices, most healthcare organisations can’t effectively inspect SSL traffic.
- When ransomware is installed, it establishes a command-and-control connection that reaches out to the attackers in order to get the encryption keys. This communication is hidden in encrypted SSL traffic to avoid detection. SSL decryption exposes it so that the security infrastructure can stop ransomware before it downloads the encryption key, pre-emptively stopping the attack.
An Ounce of Prevention
We hope we’ve raised awareness about how you can prevent ransomware attacks through SSL traffic inspection. Technology products like A10 Networks’ Thunder SSL Insight (SSLi) remove the blind spots created by encrypted traffic and help halt ransomware attacks before they hold your healthcare data hostage and put your patients and your organization at risk.