By AI Trends Staff
The WannaCry ransomware attack infected hundreds of thousands of computers in more than 150 countries in 2017, bringing several industries to their knees with malicious software designed to block access to files until a “ransom” was paid.
One industry hit hard was health care, including the National Health Service (NHS) in the U.K. and Merck in the U.S. One study found that last year, 78 percent of health-care providers reported a ransomware or malware attack. Health care data is a target for bad actors who use malware.
But health-care systems like hospitals and insurance providers are starting to fight back with powerful security tools using AI and machine learning, according to an account in The Week.
Healthcare providers are starting to figure out hacker patterns and block them before they can get their hands on patient records or data. They’re also saying goodbye to vulnerable passwords and relying on more secure methods, like biometrics such as fingerprints and eyeball scans.
Aetna is one early adopter of machine learning. The health insurance company replaced passwords with a behavior-based security system and some biometric protections in its consumer-facing apps. It put machine learning at the forefront by developing a risk engine that combines multiple pieces of data to authenticate users. This risk engine collects personal information, ranging from the operating system and apps you use to how you text or move within the application. It creates an individual risk score, which can change.
For example, if someone steals your smartphone, hackers won’t be able to log into Aetna’s app because the risk engine knows they’re suspiciously holding the phone differently than you do. It will then demand additional authentication information, like a PIN or fingerprint, which the hacker won’t have.
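The risk-engine idea described above, as an added example that is not Aetna's code: several signals are combined into one score, and a high score triggers a request for a PIN or fingerprint. The signal names, weights, threshold and sample sessions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed weights and step-up threshold (illustrative, not Aetna's values).
WEIGHTS = {"os": 0.2, "apps": 0.2, "typing_ms": 0.3, "tilt_deg": 0.3}
STEP_UP_THRESHOLD = 0.5

@dataclass
class Profile:
    """Per-user baseline learned from earlier sessions."""
    os: str
    apps: frozenset
    typing_ms: list   # past mean inter-key intervals, in milliseconds
    tilt_deg: list    # past device tilt while the phone is held, in degrees

def _deviation(history, value):
    """Scale the z-score against the user's history into [0, 1] (3 sigma or more -> 1)."""
    sigma = pstdev(history) or 1.0
    return min(abs(value - mean(history)) / sigma / 3.0, 1.0)

def risk_score(profile, session):
    """Weighted sum of per-signal anomaly values, each in [0, 1]."""
    signals = {
        "os": 0.0 if session["os"] == profile.os else 1.0,
        # Jaccard distance between the known and the observed app sets
        "apps": 1.0 - len(profile.apps & session["apps"]) / len(profile.apps | session["apps"]),
        "typing_ms": _deviation(profile.typing_ms, session["typing_ms"]),
        "tilt_deg": _deviation(profile.tilt_deg, session["tilt_deg"]),
    }
    return sum(WEIGHTS[name] * value for name, value in signals.items())

def decide(profile, session):
    """Return 'allow', or 'step_up' to demand a PIN or fingerprint."""
    return "step_up" if risk_score(profile, session) >= STEP_UP_THRESHOLD else "allow"

def update(profile, session):
    """Fold a session into the baseline; call only for sessions that were allowed."""
    profile.typing_ms.append(session["typing_ms"])
    profile.tilt_deg.append(session["tilt_deg"])

# Constructed sample data: same phone in both sessions, different handling.
OWNER = Profile("iOS 11", frozenset({"mail", "maps", "health"}),
                [180, 190, 175, 185, 182], [32, 35, 30, 33, 34])
USUAL = {"os": "iOS 11", "apps": OWNER.apps, "typing_ms": 184, "tilt_deg": 33}
STOLEN = {"os": "iOS 11", "apps": OWNER.apps, "typing_ms": 260, "tilt_deg": 70}

if __name__ == "__main__":
    print("owner :", round(risk_score(OWNER, USUAL), 3), decide(OWNER, USUAL))
    print("thief :", round(risk_score(OWNER, STOLEN), 3), decide(OWNER, STOLEN))
```

The stolen-phone session matches on operating system and apps, so only the behavioural signals raise the score; that is the case a password or device check alone would miss.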
Aetna has launched a new security system for its consumer mobile and web apps that, in something of a twist, makes passwords optional.
Instead of a password or fingerprint being the only barrier to entry, Aetna’s new behavior-based security system monitors user devices and how and where a consumer uses that machine. Consumers can add biometric protection available on their devices.
“Passwords are a mainstay of conventional online authentication and are considered to be a binary control – if a consumer has the user ID and password, they are enabled to use the application,” said Jim Routh, chief security officer at Aetna, quoted in Healthcare IT News. “Binary authentication controls work well when the assumption is that only the consumer has the password and remembers it. That assumption, however, is no longer valid.”
“Criminals exchange passwords on the Dark Web and use a technique called credential stuffing to apply passwords to targeted web domains and automatically attempt authentication for tens of thousands of compromised passwords,” Routh explained. “Criminals are able to achieve a two percent hit ratio of account takeover using credential stuffing, helped by the fact that consumers reuse passwords across sites.”
Consequently, passwords are becoming obsolete as a primary means of authentication. Enterprises need to change their thinking on the use of binary controls in an authentication event at the initiation of an online interaction with a consumer and consider using many different attributes to confirm authentication, Routh said.