{"id":6328,"date":"2022-05-12T05:12:05","date_gmt":"2022-05-11T21:12:05","guid":{"rendered":"https:\/\/x-phy.com\/?p=6328"},"modified":"2022-05-12T05:12:05","modified_gmt":"2022-05-11T21:12:05","slug":"database-attack","status":"publish","type":"post","link":"https:\/\/x-phy.com\/database-attack\/","title":{"rendered":"Database Attack &#8211; A Use Case in the Healthcare Industry"},"content":{"rendered":"<p>As <a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">healthcare cyberattacks<\/a> continue to grow in number and sophistication, healthcare organizations need to revise their <a href=\"https:\/\/x-phy.com\/solutions\/\">cybersecurity posture.<\/a> Price Health is one of the most reputable healthcare institutions, with multiple clinics or\u00a0<a href=\"https:\/\/x-phy.com\/category\/blog\/sector-specific-use-cases-blog\/\" target=\"_blank\" rel=\"noopener\">healthcare<\/a>\u00a0centers across Korea that provide advanced medical support and equipment.<\/p>\n<p>Kathy, a medical supervisor working at the frontline service, which has access to all <a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">patient information<\/a> from Price Health\u2019s internal server, received a series of fraudulent email alerts that appeared to come from the IT team, asking her to change her password via a provided link for security purposes. Such <a href=\"https:\/\/x-phy.com\/glossary\/credential-theft\/\">phishing emails<\/a> are a common <a href=\"https:\/\/x-phy.com\/glossary\/attack-vectors\/\">attack vector<\/a> in <a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">healthcare cyberattacks<\/a>. 
Considering it a priority, she clicked the link and changed her password on a phishing site that resembled the company\u2019s legitimate website.<\/p>\n<p>Without her knowledge, her workstation (client terminal) was attacked with <a href=\"https:\/\/x-phy.com\/glossary\/data-encryption\/\">encrypted malware<\/a>, which was embedded in a legitimate SSL certificate. Because the <a href=\"https:\/\/x-phy.com\/glossary\/ransomware-attacks\/\">malware<\/a> was encrypted, it bypassed the <a href=\"https:\/\/x-phy.com\/solutions\/zero-trust\/\">network firewall\/IPS\/IDS<\/a>. The\u00a0<a href=\"https:\/\/x-phy.com\/\" target=\"_blank\" rel=\"noopener\">antivirus solution<\/a>\u00a0was also evaded, as the attacker used a mix of open-source and modified tools to conceal the malware, launching one of the many <a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">healthcare cyberattacks.<\/a><\/p>\n<p>The malware began its operation and attempted to clone all database entries from the central internal server that contains the <a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">patient records<\/a> to the command and control center. These accelerated I\/O operations led to continuous read activity in the firmware core of X-PHY\u00ae. However, <a href=\"https:\/\/x-phy.com\/products\/endpoint-security\/secure-ssd\/\">X-PHY\u00ae<\/a> trusts no one. It uses a robust AI algorithm that continually monitors all operations at the firmware kernel level, which led to the detection of this unusual pattern of increased reads in the flash storage.<\/p>\n<p>The AI algorithm then triggered the X-Guard threat lock to restrict physical access to the NAND flash storage and lock down the data at the firmware level. 
Alert notifications are immediately sent via a secured Ethernet network gateway that supports pre-configured Bluetooth (BLE), warning the <a href=\"https:\/\/x-phy.com\/products\/enterprise\/server-defender\/\">security operations center<\/a> and the network team to restrict all external network access to the database, followed by access filtering from the internal network. The X-Factor Encryption lock feature is then activated to request\u00a0<a href=\"https:\/\/x-phy.com\/glossary\/data-compliance\/\" target=\"_blank\" rel=\"noopener\">2FA verification<\/a>\u00a0to unlock the data. Through these features, X-PHY can help reduce <a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">healthcare cyberattacks.<\/a><\/p>\n<h4><strong>X-PHY Protection Method<\/strong><\/h4>\n<p>1. The Guardian Pro-X and Security Scout features within the X-Guard Threat Lock use AI at the firmware level to survey a large amount of data in real time and detect characteristics of malicious behavior, such as illegal data cloning activity.<\/p>\n<p>2. The X-Factor Encryption lock feature triggers a data lockdown to prevent the attacker from accessing the data and activates the Keycode 2-factor.<\/p>\n<p>3. X-PHY\u00ae enters safe mode and asks for a password to complete the 2-factor authentication.<\/p>\n<p>4. While these events are occurring, the X-File Forensic Agent feature actively monitors them on X-PHY\u00ae.<\/p>\n<p>5. The X-PHY\u00ae Forensic Agent is divided into a Forensic front-end and a Forensic back-end. The front-end monitors the I\/O requests, data writing average, LBA hashing tables, accumulative I\/Os, etc., while the back-end parses the monitored events for these attributes and takes care of alert notifications, detection of threats, behavioral analysis of threats, etc.<\/p>\n<p>6. 
The Active Detective feature logs operations in the time domain during the monitoring window of I\/O requests, such as the LBA block read\/write style and the inward\/outward data flow in a hash table.<\/p>\n<p>7. The Deep Investigation feature helps to further analyze the modification and stealth techniques the malware adopted for data exfiltration, in order to improve the self-training AI algorithm.<\/p>\n<p><a href=\"https:\/\/x-phy.com\/solutions\/healthcare-cybersecurity\/\">Healthcare cyberattacks<\/a> can thus be prevented with the right tools.<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" width=\"644\" height=\"430\" src=\"https:\/\/x-phy.com\/wp-content\/uploads\/innfographics_page10.png\" alt=\"\" srcset=\"https:\/\/x-phy.com\/wp-content\/uploads\/innfographics_page10.png 644w, https:\/\/x-phy.com\/wp-content\/uploads\/innfographics_page10-450x300.png 450w, https:\/\/x-phy.com\/wp-content\/uploads\/innfographics_page10-300x200.png 300w\" sizes=\"(max-width: 644px) 100vw, 644px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As healthcare cyberattacks continue to grow in number and sophistication, healthcare organizations need to revise their cybersecurity posture. 
Price Health is one of the most reputable healthcare institutions with multiple [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":6330,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-6328","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-use-cases"],"_links":{"self":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/6328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/comments?post=6328"}],"version-history":[{"count":0,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/6328\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/media\/6330"}],"wp:attachment":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/media?parent=6328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/categories?post=6328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/tags?post=6328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}