Jeff Harris
Chief Marketing Officer

Check your Vital Signs – Cyber attack at Banner Health

August 12, 2016 by Jeff Harris

Here we are again.  The personal data of up to 3.7 million individuals is now at risk following a cyber attack on US healthcare insurance provider Banner Health. While full details of the mode of attack and the data that has actually been compromised are still emerging, the attackers may have names, birth dates, addresses, health insurance information, and Social Security numbers.  This puts another large number of individuals at risk of fraud, particularly medical identity theft.

While the inventory of what was stolen may not be clear, what is clear is that more than one point of vulnerability was exploited by the attackers. Banner Health’s support website explains that the firm discovered:

  • ‘Unauthorized access to computer systems that process payment card data at the food and beverage outlets at some of our Banner Health locations’
  • ‘Unauthorized access to information stored on a limited number of Banner Health computer servers’

It appears that the attackers managed to infiltrate both the Banner Health servers storing patients’ medical information, and the network systems used to process card payments.  Two very different areas of the company’s network infrastructure were targeted in the attack.

The timescale and duration of the attack are also revealing. Banner Health company officials explained that they were initially alerted to the specific breach of their food and beverage outlets on July 7th and, six days later, were able to pinpoint the initiation date of the attack as June 17th. It is still unclear from these statements exactly when it was established that the servers containing medical information were also under attack.

Both of these factors suggest that Banner Health’s visibility of what was happening in its networks was limited. Not only were the attackers able to compromise more than one part of the corporate infrastructure, but they were able to do so for some days before the attack was discovered and remedial action taken – by which time it was too late.

Visibility scanning

We repeatedly say you cannot secure what you cannot see. Without comprehensive, real-time visibility into network traffic and performance, you don’t even have a chance to reliably identify when a cyber threat is happening, much less gather the intelligence you need to neutralize such threats and resolve the issues.

Getting forensic-level visibility requires implementing context-awareness in your bulk data handling before the analysis tools. Ixia Network Packet Brokers (NPBs) have a lot of advanced features to distribute data flows in a load-balanced, filtered, de-duplicated way and can even mask sensitive personally identifiable information (PII) without losing information. When you consider that the same NPB can also decrypt SSL traffic and block known bad IP addresses, the firewall can focus even better on analysing what is left. A really good NPB eliminates excessive noise generated by known bad traffic and by regions where you do not do business. It also helps more quickly expose threats that may otherwise be hidden inside encrypted traffic (such as on payments networks), giving a clearer picture of what is really going on in your infrastructure.

Collectively, these elements deliver a sophisticated and intelligent ‘Security Fabric’ – the foundation for comprehensive security-oriented visibility. The Ixia Security Fabric, integrated across our family of NPBs, sets up your network and security tools for success.  Ixia pioneered network bypasses and our latest iBypass VHD has 300% more security resilience capacity.  This is a necessity for your inline tools. The Security Fabric also provides a lot of context-aware data processing features to make sure your analysis tools are not wasting time inspecting the wrong traffic.  It also provides a security intelligence layer that decrypts SSL traffic and filters out known bad IP addresses so you are not wasting time analyzing junk.   

The Ixia Security Fabric also stops any bot-infected machines on your network from sending data out to those known bad IP addresses – blocking communication from malware command and control centres, and stopping stealthy data exfiltration by existing infectious agents.  If you haven’t seen what an Ixia Security Fabric can do, you should contact us and set up a demo.  

As the recent Ponemon Cost of Data Breach 2016 Report noted, the average cost of a breach is now over $4M per incident, with breaches taking an average 201 days to discover and 70 days to contain.  Better network-wide visibility means that breaches can be spotted earlier, before they have the chance to inflict such costly damage to your networks’ health.