South Peninsula Hospital
No matter how you sort it, healthcare inevitably ends up in the top five list of industries most at risk for a data breach, often at number one. Studies claim that, at some point, almost one in eight Americans have had their medical information exposed. Over 41 million patient records were breached in 2019, with a single hacking incident affecting close to 21 million records.
So how does a 50-bed hospital, nestled at the southern tip of the remote Kenai Peninsula in Alaska, keep up with cyberthreats that can overwhelm the rest of us in the lower 48?
“Until about five years ago, not very well,” says Jim Bartilson, IT Director at South Peninsula Hospital in Homer. “We knew we had a black hole, and we needed to add security to that. The question was, how can we block malicious network traffic easily without having to have a level three engineer do it?”
“Along came Nomic and it was a eureka moment for me, where you could actually easily see the traffic coming in. It’s really eye‑opening.”
Variously described as “where the land ends and the sea begins” or “Halibut capital of the world,” Homer, Alaska, is an arts and fishing community of around 5,800 people with spectacular views of Kachemak Bay, the Kenai Mountains, and several volcanic peaks across Cook Inlet including Mt. Augustine, Mt. Iliamna, and Mt. Redoubt.
Exponential Increase in Cyber Threats to Healthcare
But don’t let the “end of the road” isolation fool you. This is a hospital, thus a very big target to worldwide threat actors. In the first six months of 2020, South Peninsula Hospital was hit by over 1.4 million inbound scans and probes, including hundreds of high-severity events related to email and phishing scams, suspicious user-agents, adware, and spyware, according to Bartilson and Outpost data.
In the first half of 2020, hackers increased their attacks against hospitals, given hospitals’ vulnerability while dealing with the influx of patients during the Covid-19 pandemic and their cache of patients’ personal and financial information, says the Wall Street Journal.
Bartilson has headed the five-person IT team at South Peninsula Hospital for 10 years. Around five years ago he went searching for a way to alleviate what he only imagined could be security flaws.
“We knew there was a problem with bad actors, thanks to the NSA providing these new tools to people that they shouldn’t have,” he said. “Actually, it was very, very eye‑opening. Intrusion detection and threat intelligence were new products to me. It wasn’t that I was on somebody else’s product before, and then moved to Nomic.
“When I ran a trial with Nomic, it was a ‘Holy!?!’ moment for me. It’s like Star Trek. ‘It’s worse than that, Jim!’”
At South Peninsula Hospital, Bartilson has deployed Outpost to the network perimeter, and doubled down with Nomic’s Internal Intelligence unit to gain visibility into internal threats.
Outpost is an in-line bridge device that patrols the network edge to deflect inbound exploitation attempts. The Outpost’s Threat Intelligence Gateway (TIG) continuously gathers attack data from other Outpost devices worldwide, then proprietary Network Cloaking™ software makes the network invisible to these threats, effectively shutting them down before they penetrate the edge.
“Thanks to Nomic, it’s easier for the bad actors to hack users than equipment,” he says. “Now our biggest threats are from phishing and social engineering, absolutely. That’s the number one attack vector.”
Geo-IP Filtering Delivers Dynamic Protection
Since South Peninsula Hospital is small and its interactions are mostly with US-based companies, Bartilson uses geo-IP filtering extensively. The filtering restricts network traffic to networks registered in approved countries. Implementing geo filtering can be tricky, so Sentinel Outpost allows configuration of whitelists and alert-only networks so that legitimate traffic flows through the network properly with minimal false positives. Countries with the most dropped or blocked traffic to South Peninsula Hospital’s network include some of the usual suspects: Brazil, Russia, Bulgaria, and China.
“Funny story,” says Bartilson. “In the early days, when I was really stress testing their systems, I probably had the most manually blocked networks of any customer that Sentinel was used to. When I found out how many bad actors were out there and the type of traffic that was coming in, I had to do something personally. I manually blocked a lot of networks myself.”
“Then came geo IP filtering, and eventually I was able to trust the Sentinel to dynamically block malicious traffic. That was another hallelujah for me. Now, it’s really a set it and forget it. I don’t have to manage it. My network security is working 24/7/365. I trust the product. It should be as standard as antivirus software.”
Effective Compliance Gets Personal
In healthcare, IT departments have a major checklist of compliance requirements for patient records. Simply installing a firewall on your organization’s network perimeter doesn’t make you Health Insurance Portability and Accountability Act (HIPAA)-compliant.
Firewalls are often riddled with configuration flaws and don’t accurately protect systems that touch patient data. According to recent breaches analyzed by SecurityMetrics, 76% of investigated organizations had incorrectly configured firewalls.
The costs of a data breach are personal, of course, as well as financial. The Ponemon Institute estimated the average cost of a healthcare data breach in 2018 was around $6.45 million. Yet, as many as 50 percent of healthcare organizations have no security automation.
“Our data has faces,” Bartilson says. “They are community members. Our staff, our friends, our neighbors are customers. It’s my duty to protect them.”
The closest Walmart may be 90 miles away from Homer, and there is no such thing as next day delivery, but thanks to Bartilson, South Peninsula Hospital is shielded from most cyber storms.
“Here in a small hospital we wear a lot of hats. I don’t have somebody specifically dedicated to security. That’s where I rely on Sentinel,” says Bartilson. “I can’t remember the last time we had to call support. The product is a tank.
“Honestly, I don’t think anything will help me sleep at night short of isolating from the Internet, but Sentinel gives me more peace of mind.”