Threat feeds for a Healthcare Delivery Organisation

Healthcare Technology

Background

The healthcare sector is one of the most frequently targeted industries for cybercrime. The stakes are high as the data they handle is highly sensitive and tech outages don’t just result in financial losses, they can also lead to patient deaths.

Effective cybersecurity is vital.

The Requirement

MRG Effitas was approached by a multi-billion-dollar Healthcare Delivery Organization (HDO). They were looking for threat feeds that would provide thousands of fresh new malicious and suspicious samples each day for sandbox testing and improving the efficacy of their Endpoint Protection (EPP) software and information security system.

With over 45,000 endpoints to protect and 150,000 medical devices, the team takes a proactive approach to testing and improving its preferred EPP software and developed a proprietary in-house test environment.

To get the best from their in-house testing, they needed a regular feed of fresh malware samples.

Having tried malware feeds and suspicious samples offered by several other companies and sites, they found that they couldn’t get enough samples and the ones they received weren’t new enough or diverse enough.

The Solution

As MRG Effitas offers a free month’s trial, the team was able to experience and work with the feeds before buying them.

With over 300,000 samples a day gathered from honeypots and other sources across the globe, there were more than enough samples for their needs and, as many are less than 24 hours old, they are as fresh as can be.

To begin with they focused purely on an initial set of 2,000 samples, primarily from the Ransomware Feed, as that is the biggest cybersecurity threat that all healthcare organizations face. Over time they are building up the volume of samples from the feeds that go through the testing lab to maximize coverage.

MRG’s malware is fed into the test environment, completely segregated from the main network, to see if their preferred EPP product blocks the samples.

If it blocks the sample, it notes that in the database with the timestamp and SHA-256 value so that the same sample will not need to be tested in the future.

If it does not block the sample in the test environment, it sends details directly to the EPP solution so that if that malicious file is seen anywhere else in the organization or worldwide, it will block it, improving product protection.

The Result

Whilst no endpoint security is 100% effective, the objective of the Vulnerability and Risk team is to achieve the highest blocking rates possible and ensure that their system and software are as resilient as they can be to the ransomware and cyber threats in circulation.

With many high-profile attacks on healthcare providers around the world, the team monitors reports of new attacks and threats. In many cases, when these new threats have been investigated by the team, they have found that their system is already blocking that malware as it had appeared in the feeds from MRG Effitas a few days before and the testing system had flagged it as a new threat to block, preventing disaster.

The results of the team’s testing and the malware samples missed are also fed back to the endpoint software vendor to help improve the product globally.

“We know we can’t consistently achieve 100% block rates all the time, but our testing is closing the gap and achieving the highest security possible for our patients and staff. When we go to sleep at night, we know we have tested it against the large majority of samples out there in the wild.

The quality of MRG’s feeds is excellent. They are large, diverse, very fresh and offer a great foundation for our testing. They consistently challenge and improve our endpoint security software and are now our sole source of malware.”

Director of a leading HDO

Contact us

Read more about the cutting-edge work we do with cybersecurity vendors and enterprises