

In this chapter, you will learn to

  • Understand the anatomy of an external cybersecurity attack using an organized approach

  • Appreciate the cyber operations application of risk management frameworks

  • Comprehend what a detection capability can provide for risk mitigation

  • Understand incident response and recovery for the entire organization

  • Apply tailored risk assessment consideration and balance to compensating controls in healthcare

Healthcare has seen a tremendous explosion of technology become integrated into the everyday care of patients. The traditional computing model of desktops, laptops, and servers centrally managed by the information technology (IT) department is rapidly evaporating. Smartphones, medical devices, and similar equipment are blurring the lines between computing and communications capabilities, spreading information from countless sources all over the network. The result is that professionals outside of traditional IT are involved in security at all levels. Most healthcare organizations are delivering care 24 hours a day, which means that the network is humming all the time. Personal health information (PHI) is also being stored, accessed, and transmitted continuously. The ingredients are a critical mission, many different perspectives, a large network footprint, and personal information coming from everywhere: a recipe for a perfect storm in cybersecurity.

In this chapter, we tackle this difficult challenge in a practical manner given the resources and tools available. The anatomy of a cyberattack will be laid out to better understand the problem. For many healthcare privacy and security professionals, this may be their first up-close look at cybersecurity attacks in action. Finally, a practitioner's view of applying risk management frameworks for protecting a network will be provided.

The Attack

In cybersecurity we tend to focus on ourselves because the attackers seem almost like mythical creatures that come to pillage and plunder while we are not looking. The immediate reaction is to fortify our defenses and stop this injustice. However, this is only one side of the equation, and we must give an equal amount of consideration to the adversary. The anatomy of a cyberattack is illustrated in Figure 11-1 and referenced throughout the rest of the chapter.

Figure 11-1 Overview of the anatomy of a cyberattack

The Anatomy of a Cyberattack

The procedure outlined in Figure 11-1 is the result of incorporating several best-practice framework descriptions of cyber events, such as Lockheed Martin's "Cyber Kill Chain," a term that is actually borrowed from commonly used jargon in the United States Air Force when it references a mission such as an air strike that will be launched from far away.1 In cybersecurity, the term has long been applied to the surface area of attack by external threats. The way the Air Force describes the kill chain process is similar to how cyberattacks happen, as most of the adversaries against ...
