Support Login


Advanced Network Security for Healthcare

Deception Based Threat Detection

Healthcare organizations are rich attack targets based on the high value of their data and challenges associated with the increased vulnerabilities associated with less-than-secure medical devices.

The Internet of Things (IoT) is revolutionizing the healthcare industry by changing the way professionals deliver care to patients and how patient data is collected, shared and stored. This new innovation comes with many benefits, however with the increased use of internet connected devices, comes additional security risks. These connected devices can become the target for medical device tampering and become a primary target for ransomware attacks as threat actors seek monetary gain in return for restoring services. Additionally, medical device networks are often overlooked in the IT security monitoring infrastructure providing attackers opportunities to infiltrate and persist in the network undetected.

In a survey of 370 professionals in the medical device/IoT field, over one-third experienced a cybersecurity incident in the past year.[1] If the medical device/IoT field mimics other industry trends, the number of incidents is only going to increase. What is particularly alarming, though, is that since medical devices are built to last longer than most technology, the devices weren’t initially built to cope with the 2018 threat landscape.[2] To combat the evolving attack surface, organizations need tools that stay one step ahead of attackers by not only preventing attacks but also detecting and responding to them early.

To address these challenges, Attivo Networks has collaborated with BD (Becton, Dickinson and Company) to provide visibility and improve detection capabilities against potential cyber threats that can impact medical devices.  The Attivo BOTsink® deception-based threat detection solution provides decoys and lures to misdirect potential attackers away from production assets and, through this collaboration, Attivo decoys now provide preloaded software to mirror-match decoy authenticity of certain BD products. This authenticity creates an environment in which a potential attacker cannot discern between real and fake assets; ultimately, revealing an attacker’s activities as they try to scan systems or attempt to download malware onto these devices.

The Attivo BOTsink® deception solution complements protections for certain BD products by placing decoys that appear as production IoT devices to confuse, trip up, and detect potential attackers. BD employed a rigorous evaluation of the Attivo BOTsink technology to ensure it is compatible with certain BD products and performs as indicated.  Additionally, the Attivo solution provides attack analysis with indicators of compromise (IOC) and attacker tools, techniques, and processes along with actionable forensics that may be leveraged for remediation.

For more information, please review the solution brief.




Securing Patient Data When Prevention Systems Have Failed

Webinar: Mission Health’s experience with the Qakbot malware and their use of the Attivo BOTsink forensic technology in the remediation process.

Speakers: Daniel Gallagher, Mission Health – Robert Crisp, Attivo Networks.

The Attivo Solution

Attivo takes a modern approach to IT security and operates on the premise that attackers will get inside the network. Attivo created advanced network security solutions that use deception based threat detection. These techniques help healthcare organizations dramatically increase the speed in which threats inside the network are uncovered, understand an attacker’s intent and establish a defense against future attacks. Attivo’s techniques are proven to detect threats against patient records and information stored in data centers; medical devices used to treat patients, the bring-your-own-device (BYOD) used by doctors, and Internet/web presence.

Deception Based Threat Detection for Healthcare

Protecting Patient Data, Company Assets, and Patient Lives

Healthcare organizations are rich attack targets based on the high value of their data. They are also highly vulnerable to attack due to the ease of access characteristic of less-than-secure medical devices. Today’s security perimeter solutions are no longer adequate to prevent BOTs and Advanced Persistent Threats (APTs) from accessing patient data and other confidential information.

Download this white paper to learn more about the cyber state of the healthcare market and how deception technology is being used to detect and defend against cyber attacks.