The electronic attacks in the hospital cost $ 600,000/hour. Here is how artificial intelligence changes mathematics

In the past years, Medical facilities It was not weak as it is now; The infiltrators had an unwritten base not to target institutions or services in which people could be disrupted at a physical danger.

But this is no longer the case: Ransomware-AS-A-Service has spread and stolen medical information has become exciting, which led to the threat of actors to attack hospitals at unprecedented levels.

Alberta Health Services (AHS) does not intend to leave itself weak – the medical system enhances its defenses with artificial intelligence.

The publication of Ops Cyber ​​Ops from the cyber security platform SecuronixAHS reduced its average time to respond to high priority accidents by more than 30 %. It also reduced the wrong positive alerts by 90 % and work burdens by 2 to 3 hours a day, which led to hundreds of thousands of dollars.

“Many hospital networks are great goals of fat and easy goals,” Richard Henderson, CEO of AHS and Ciso, told Venturebeat. “I do not sleep much because I am terrified of receiving that phone call At 2 am Saying that our environment has decreased due to the ransom. “

Do 1000 (or more or more) SOC analyst

AHS is the second largest hospital network in North America and the world’s largest individual condition from the e -health care record (EHR).

Henderson explained that he and his team are responsible for cybersecurity for 106 hospitals, 800 clinics, 20 thousand doctors and 150,000 employees serving from 4.5 to 5 million Albertan. AHS described as “a huge organization on a basis”, with each facility connected to the same epic installation.

Therefore, Henderson pointed out, “If it falls, it is decreased for everyone. It is not my ambiguity to say that if it falls, it may have an effect on the patient’s life.”

He said that it is not an exaggeration to say that a complete interruption of the epic-regardless of whether it is related to ransom programs or not-can cost Alberta County anywhere from $ 500,000 to $ 600,000 per hour.

To avoid such cases, AHS has published the “full spread” of the Securonix platform inside its environment. This includes the possibilities of detecting threats, investigation and response (TDIR) of the Cyber ​​Security Company through the safety and juvenile management information platform (SIEM) that works with AI materials. This provides registry management, behavioral analyzes and lake of safety data in one package.

Henderson explained that Medical network Terabayte consumes data in SIEM and depends on the original cloud SECURONIX cloud structure to deal with the normalization and directing of the data. Snowfit power is a large part of that back interface.

Behavioral analyzes are a decisive part of the AHS discovery strategy. Henderson explained that the Securonix platform is constantly learning what the normal uses of its users, finish points and systems, which helps his team to capture “hidden things”, such as a reliable account that behaves “a little”.

“She is looking for patterns and sewing things together,” Henderson said. “You can employ 1000 security analysts and still have enough people to be able to search in all modern digital institutions that you consume.”

AHS cuts the time to a solution, improve response times

For example, AHS ‘AI-AI-AI-AI- Through its hospitals. When something unusual – like a device suddenly talks to an external server, has not been contacted before – it is commented on it immediately. This can lead to security teams to a tool with formation that may be exploited if not observed without anyone noticing.

Henderson said: “These types of disrupted bad ransoms have led to the disastrous ransom in other hospitals in the past,” Henderson said.

Or, as another example, the potential load may appear as suspicious, but full, which means that humans have to try to discover exactly what it is and what it does, and Henderson pointed out. Now, they can ask the statute to remove the load and determine what the attacker was trying to do, and in “seconds literally” he does all the work.

He said: “In the past few years of being able to speak to a computer as you were talking to someone I have changed how people think about artificial intelligence.” “The treatment of the natural language has been present for a long time, but not at this level, and still blows me out of its quality.”

As a result, AWS managed to reduce time significantly to solve and improve its ability to respond faster. Henderson said the average time to respond to high priority accidents fell more than a third compared to last year.

This is because artificial intelligence does heavy lifting, and helps analysts understand what is happening and what the attacker is trying to achieve. In modern cybersecurity, artificial intelligence has become very important to detect the network, protect the end point, liquidate e -mail and other cybersecurity functions. “My popularity provides hours a day using artificial intelligence tools,” he said.

Hinderson said the Securonix platform also helped reduce noise, as AHS has witnessed a significant decrease in false positives that reach its novice analysts, which “really helps in focusing and avoiding fatigue.”

He pointed out that there is a lot of discussion about artificial intelligence to replace the lower levels of security operations. But from his point of view, “artificial intelligence will not replace young employees. What you will do is to help them learn faster, do their jobs better and protect the institution’s environment.”

Increased attacks make education embarrassing

With AHS is very large, as many facilities that extend to the province extend, Henderson needs to track where the largest size of accidents occur. This can help them conclude whether it is a specific geographical area targeting another region.

Henderson noted that Calgary and Edmonton are the two largest cities in Alberta, so of course, one may think that they will carry a great attack. But this is not always the case; Smaller rural hospitals are often targeted because the actors of threats assume their defenses are weaker.

Artificial intelligence allows him and his team to keep the driving board in which accidents occur to plan additional communication if necessary. He said that Henderson is spending a great time on the human side of security, he said, as he educated the nurses and doctors in AHS in previous attack campaigns to understand what to search for.

So, if we see a rise in our rural hospitals, I will build a completely educational campaign to say: “They are targeting rural hospitals because they think you are an easier goal. These are the types of things that you should look for. ”