Mar 23, 2021

The Incoming Threat Part 3: Why Healthcare Providers Need a Unified Platform to Fight Ransomware Attacks

Legacy tools are failing healthcare providers, but there is a modern solution to help combat ransomware

By Marc Moring, Director of Strategic Accounts, Tanium

Ransomware moves fast.

If you suffer an attack, you will not have time to spin up new security tools.

As a result, healthcare IT & security teams will have to defend against the attack with the tools they have in place.

If these tools are deployed and configured correctly, you might be able to stop the attack and evict the adversary.

If you have point solutions, or worse, your tools have been incorrectly deployed or configured, you will be forced to deal with the fallout of the damage left behind.

This article will highlight why healthcare providers should leverage a unified platform to improve their risk posture.

This blog is the final article in a three-part series about healthcare and ransomware.

In Part 1 of this series, we explored why healthcare providers must take ransomware seriously and why they must adopt a new response to the threat.

In Part 2 of this series, we explored what a typical ransomware attack looks like and the five steps healthcare providers must take to defend against these attacks.

In this article, we explore:

  • Why healthcare providers cannot defend themselves with legacy tools.
  • How Tanium corrects the fundamental problems with these legacy tools and approaches.
  • How multiple healthcare providers have used the Tanium Platform to improve their security and IT hygiene.

Let’s complete our conversation.

New problem, old solution: Why legacy tools fail against ransomware

The problem with legacy tools is simple.

They were designed to secure legacy healthcare environments.

Those legacy environments were:

  • Small. Healthcare providers deployed a relatively low volume of assets. They still did most work manually and didn’t use too many devices or applications.
  • Simple. Those assets were provisioned by IT and lived on-premises. IT knew what assets were in their environment at all times and what they were doing.
  • Static. Healthcare asset environments did not change too often. Any new device, application or update was provisioned slowly and with oversight.

At the same time, legacy healthcare environments faced relatively predictable, unsophisticated threats that required fewer capabilities to defend against.

But times have changed.

Healthcare providers now operate in modern asset environments.

These modern environments are:

  • Large. Healthcare providers now deploy a large volume of assets. Frontline workers now perform most of their work on devices and applications.
  • Complex. These assets are often provisioned by users and live off-network. IT does not know what assets are in their environment or what they are doing.
  • Chaotic. Healthcare asset environments are now changing rapidly. New devices, applications and updates are deployed quickly and without IT’s knowledge.

Simultaneously, modern healthcare environments face threats — like ransomware — which are unpredictable, sophisticated and require many capabilities to remediate.

And when healthcare providers rely on legacy tools to defend their modern environments against modern threats like ransomware, those tools typically fail.

They deliver stale data, leave systems misconfigured and lack visibility, which creates blind spots for attackers to hide within.

They are unable to perform simple actions like applying patches and updates to assets.

And they force healthcare providers to deploy a large number of isolated point solutions that are expensive, complex to operationalize and difficult to integrate.

In sum: Legacy tools fail because they were designed only for legacy environments and provide only a subset of controls.

To defend their modern asset environments, providers must deploy unified platforms to meet these ever-changing landscapes.

Meet Tanium: Modern platform for IT and security to help combat ransomware

Tanium’s premise is to help secure and manage modern asset environments.

Tanium takes a different approach when compared to many healthcare organizations’ current strategies. The Tanium platform addresses the challenges healthcare providers face when leveraging legacy tools to secure and manage their modern asset environments against ransomware.

By leveraging Tanium against ransomware, healthcare providers can:

  • Perform continuous scanning of their asset environment to establish and maintain real-time visibility into devices, applications and users. Tanium leverages unique techniques to find “hidden” assets that legacy tools miss and typically discovers 10 to 20 percent more assets than organizations knew they had.
  • Establish and maintain better IT hygiene. Tanium leverages distributed edge computing to apply — and validate — large-scale patches, updates, configurations, and other fundamental controls. For example, Tanium can produce 99 percent patch visibility within 24 hours of installation.
  • Perform incident response within a single, unified platform. Tanium offers most of the core capabilities required to detect, investigate and remediate ransomware threats in one tool. These capabilities will work well together, operate from the same data and drive a collaborative response.

In short: Tanium provides a holistic defense against ransomware attacks.

And this is not theory.

Many healthcare providers already deploy Tanium to help secure their asset environments.

Here are a few examples.

  • One provider needed to quickly and easily discover — and report on — medical devices in their environment while also increasing their patch compliance past 70 percent. They used Tanium to augment their SCCM deployment and discover medical devices in their environment to patch their systems rapidly.
  • One provider knew they had 20,000+ assets in their environment and were not managing approximately 25 percent of them. They used Tanium to bring these unmanaged assets under control. They also found many unknown assets in their environment and learned 75 percent of their assets had open vulnerabilities.
  • One provider could not perform effective crisis management because they lacked comprehensive visibility into their assets. They used Tanium to account for their endpoints, proactively hunt for malware, and deliver real-time forensic data to their SIEM tool for incident analysis.

While the security leaders at these healthcare providers leveraged a wide range of Tanium’s capabilities to raise their defenses against ransomware, they found the following solutions most effective.

Asset Discovery and Inventory

Provided the ability to know what endpoints and applications were in their environment at all times — even as their environment rapidly changed.

Patch and Software Management

Provided the ability to apply large-scale patches, software installations and updates to their distributed endpoints in minutes or hours.

Vulnerability and Configuration Management

Provided the ability to find open vulnerabilities, breaks in compliance, and policy misconfigurations and remediate issues.

Incident Response

Provided a comprehensive suite of unified capabilities to detect, investigate, and remediate incidents rapidly.

Healthcare providers rapidly spin up these solutions — and more — by leveraging Tanium’s single-agent, lightweight architecture and cloud-based offering.

Through Tanium, they gained a unified platform that contained the core security capabilities. They used Tanium to fill the gaps in their existing security posture and spin up a new, end-to-end ransomware defense from a single solution.

Build your defense against ransomware

In this series, we have outlined a comprehensive strategy to combat ransomware.

To recap:

  • First, take a proactive approach. By the time you suffer a ransomware attack, it is too late. You must develop a strong negotiating position — and the ability to remediate a ransomware attack — before you feel you need to.
  • Second, develop the right capabilities. Ransomware is a complex, multistage attack. “There is no one silver bullet.” To combat it, you must establish real-time visibility, pristine IT hygiene and incident response capabilities.
  • Finally, deploy modern security tools. Legacy tools cannot secure modern environments against fast, complex threats like ransomware. You must deploy tools built to match the speed and scale of your modern asset environment.

Now, it’s time to take action.

Review your ability to defend against ransomware.

Kickstart your plans to develop the capabilities to combat this threat.


Contact us and schedule a demo to see if Tanium is the right tool to drive your ransomware defenses.