Healthcare Information Security

Cybersecurity News

Can SSL Decryption Prevent Healthcare Data Breaches?

A recent survey found that only one-third of organizations believe they can properly leverage SSL decryption, which could factor into healthcare data breach prevention measures.

By Elizabeth Snell

Utilizing data encryption methods is often touted as a way to prevent healthcare data breaches, as it could help keep sensitive information from being easily accessible. Preventing network attacks should be a top priority for all covered entities. But what are the best options in terms of data encryption?

SSL decryption could assist in healthcare data breach prevention

A recent study shows that SSL decryption and inspection could be greatly beneficial to organizations in various sectors, including healthcare and pharmaceuticals, as well as financial services.

SSL decryption is a general public key infrastructure “encryption protocol that works between the underlying transport protocol (TCP) and the application containing data we are trying to protect,” according to the SANS Institute.

“It can be a part of any application commonly including web browsers or email apps, and it protects data by making it unreadable by unintended recipients,” SANS explained in a paper.

“Uncovering Hidden Threats within Encrypted Traffic” was commissioned by A10 Networks and conducted by Ponemon, with 49 percent of surveyed organizations in financial services, health and pharmaceuticals, general services, and the public sector. Over half - 55 percent - of respondents also said that they report directly to the CIO, CTO or head of corporate IT.

The study found that half of all known cyberattacks used SSL encryption to evade detection in the last 12 months.

Furthermore, 80 percent of respondents said they had been victims of a cybersecurity attack in the past 12 months. Of those, 41 percent said the attacks hid in SSL traffic. Even so, 89 percent also stated that SSL decryption and inspection is either “essential” or “very important” to the performance and security of their business.  

Organizations are seeking SSL decryption capabilities and often want certain attributes and capabilities, according to the survey. Specifically, 79 percent of respondents said they want SSL certificate and key management, while 68 percent want scalability.

The other top desired features were compliance requirements; uptime, performance and security; and multi-vendor security integration.

Ponemon chart of desired SSL decryption features

The top concern in implementing SSL decryption solutions is performance, the survey found. Among organizations that don’t decrypt SSL traffic, 61 percent reported that they were worried about a lack of performance. Additionally, within organizations currently decrypting and inspecting SSL traffic, 83 percent of respondents said that decryption results in some type of degradation.

Ponemon chart of top SSL decryption concerns

The study also found that only approximately one-third of respondents - 36 percent - feel that their organization can properly leverage SSL decryption and inspection for data breach prevention.

“SSL decryption is rapidly becoming a necessity to properly inspect Internet traffic and stop potential attacks,” the report’s authors stated. “Be proactive and expose the hidden threats within your environment.”

It will also be important for organizations to assess their tools and determine which can benefit from adding SSL decryption and inspection capabilities, the report concluded. Entities should also identify their critical needs and create an outline to build an applicable plan. For example, organizations should know if they desire scalability, compliance controls, or better integration with third-party security vendors.

Finally, mapping SSL decryption capabilities to a proven platform can assist organizations as they inspect and analyze encrypted traffic for any potential malicious behavior.  

Image Credit: Ponemon, A10 Networks
