HC3 Explores Cybersecurity Implications of Automation in Healthcare
HC3’s latest brief dives into the history of automation, its uses in cybersecurity, and how it may impact healthcare.
Source: Getty Images
By Jill McKeon
- The Health Sector Cybersecurity Coordination Center (HC3) issued a detailed brief regarding automation and its impacts on healthcare cybersecurity and beyond.
HC3 defined automation as “[t]he use of largely automatic equipment in a system of manufacturing or other production process.” Automation can be done using software or hardware and is meant to reduce the manual involvement of humans while increasing efficiency.
Examples of automation in cybersecurity include machine learning and artificial intelligence, penetration testing, and automated intelligence collection.
Using automated technologies can help healthcare organizations detect threats more quickly and fill gaps in the cybersecurity workforce. However, threat actors may also find automation useful in their efforts.
HC3 noted that it can be time-consuming for attackers to manually go through stolen data. As a result, they may use automated software to identify valuable information like credit cards and passwords. In addition, threat actors leverage credential stuffing, brute force attacks, and keyloggers.
Throughout the cyber kill chain, HC3 suggested, threat actors may use automation to advance to the next phase more quickly. For example, during reconnaissance, threat actors could use automation to harvest email addresses, discover internet-facing services, and collect other information.
However, defenders can also use automation to combat these tactics. For example, healthcare organizations can use automation to build detections for browsing behaviors and collect visitor logs.
HC3 detailed the ways in which both threat actors and defenders use automation to advance their goals throughout the cyber kill chain, from weaponization to delivery and exploitation.
Defenders can leverage automation for good by conducting malware analysis, implementing vulnerability scanning technology, blocking common installation paths, and detecting data exfiltration.
As threat actors continue to automate age-old tactics, organizations can also use automation to sharpen their defenses.
