Combating threats with UEBA: Health is wealth

In this four-part series, Combating threats with UEBA, we explore hypothetical cyberattacks inspired by real-life events in four different industries: healthcare, financemanufacturing, and education. Each week, we'll take a look at unforeseen security attack scenarios, and discover how user and entity behavior analytics (UEBA) can be leveraged to safeguard organizations.  

In the first post of the series—Health is wealth—we delve into cyberthreats that lurk in the healthcare sector, and how UEBA assists IT admins with safeguarding their organizations' networks.

The healthcare industry is becoming increasingly reliant on technology to carry out various day-to-day functions, from maintaining electronic health records and generating test reports, to utilizing online doctor-patient communication portals. While on one hand, this translates into faster and more efficient medical services for patients, on the other hand, it increases the attack surface for hackers looking to exploit sensitive healthcare data. Additionally, the consequences of cyberattacks in the healthcare industry could be life threatening. 

While we've all heard of "health is wealth," have you ever applied this line of thought to healthcare data? In case you didn't know, a single patient's healthcare record can fetch up to a thousand dollars on the black market; these records fetch a high price because they contain valuable information like Social Security numbers, medications, diagnostic reports, and prescriptions. The following are some of the ways in which UEBA can protect healthcare industry.

Blocking the sale of illicit information

Mark Carter is a med student at the Chicago Hope Hospital in dire need of money. In desperation, he steals patient information he has been given access to by sneakily copying it to a USB device after his shift ends at 5pm. He plans to sell the illicit information on the black market for a good price.

But wait! Chicago Hope Hospital utilizes a UEBA solution, which monitors the behavior of every entity and user that belongs to the hospital network. Carter tries to copy critical information on his device at 7pm, but UEBA detects pattern and time anamolies, and increases his risk score substantially. 

Blocking the sale of illicit information Dr.Carter tries to exfiltrate critical data

Despite having the necessary access permissions, his risk score is increased because his actions deviate from his usual behavior, which typically includes viewing, creating, and editing patient records only between 9am and 5pm. The abnormal spike in risk score is noticed by the IT security officer in the UEBA portal, and Carter's user account permissions are immediately revoked. His hard disk is confiscated, and the hospital initiates legal actions against him.

Preventing a potential data breach

It was a rather tiresome day for Dr. Sarah Jones, a pediatrician at Cuplin Health Systems. The moment she stepped into a restaurant for an early dinner, her laptop was stolen from the passenger seat of her car. Upon discovering the theft, she panicked; she had not signed out of the organization's online portal where the doctors are supposed to record the details of patients they treated each day. The portal contained personally identifiable information (PII), such as names, addresses, dates of birth, and medical data of the patients. The PII of numerous children could be used for malicious purposes, such as deriving unintended inferences: that is, using machine learning algorithms on multiple data sets collected from various sources to derive unverifiable predictions of the data subjects' preferences and behaviors. This could trigger privacy-invasive discriminatory actions against patients, like targeting them based on ethinicity or medical history.

When Dr. Jones reached out to the IT admin, she was informed that her user account was temporarily suspended since her risk score shot up. The hospital's UEBA solution had detected the pattern anomaly evoked by multiple failed login attempts into the laptop. Since she confirmed that the device was stolen, the account was deleted and a case was filed with the local police.

Quarantining the network

At the Will Palmer Hospital in Baltimore, Dr. Tim Watson successfully completed an unconventional artificial retinal transplant surgery. As everyone rejoiced about Dr. Watson's accomplishment, Anne Wilson, system administrator, breathed a sigh of relief as she quarantined a computer on the network that fell victim to a ransomware attack targeting the medical center's IT network. 

The hospital's UEBA solution identified a count anomaly as numerous files were executed that dramatically increased the risk score of an entity, alerting Wilson to take corrective actions that prevented a potentially debilitating ransomware attack, and indirectly contributed to the success of the surgery. 

Had the attack not been detected at the right time, hundreds of computers, diagnostic equipment, and network devices that aid in surgery could have been hijacked, incapacitating the hospital's operations. Wilson was glad she chose a UEBA solution to protect her organization. 

Quarantining the network Dr.Watson shares a light moment with Ms.Wilson post a successful surgery

The healthcare sector is a prime cyberattack target

With healthcare being one of the sectors most prone to cyberattacks, it's imperative for organizations in this industry to secure their IT infrastructures. In a way, protecting IT becomes extremely critical for protecting patients' health. 

Stay tuned to this series, "Combating threats with UEBA," as we probe into the cyberthreats that threaten the money minting financial sector, the manufacturing industry, and the education sector in the upcoming blogs. 

Until then, be vigilant and stay secure. We don't want you to become inspiration for our next post.

In case you're curious about how UEBA can help secure your enterprise, check out our whitepaper.

Related blogs


Change the way you manage security.

Defend against sophisticated threats.

Get started with Log360 UEBA.


© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.