by Chloe Bowen Chief of Staff

What is an advanced persistent threat (APT)?

The term advanced persistent threat, or APT, refers to a cyberattack that aims to compromise a system and steal its data, or to keep the system under direct surveillance, over an extended period of time.

Generally speaking, the attackers have a specific goal in mind and planned steps to breach a system and steal sensitive information for financial or political gain. APTs are built to stay under the radar for a prolonged period. Detection often occurs only at an “advanced” stage of the attack, after the breach has been under way for months or even years.

Advanced persistent threats cause extensive privacy breaches

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) defines an advanced persistent threat as “an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors including, for example, cyber, physical, and deception.”

It goes on to define the basis of most APT objectives as “establishing and extending footholds within the IT infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization, or positioning itself to carry out these objectives in the future.” 

A system takeover by an advanced persistent threat can have destructive short- and long-term effects on a company. This is especially true for organizations that house sensitive data, such as social security numbers or credit card information.

For healthcare providers dealing with electronic protected health information (ePHI), an advanced persistent threat can be extremely troubling. Any compromise in the ePHI system, including unauthorized access or stolen medical records and sensitive patient information, can lead to a HIPAA violation.

SEE ALSO: The Complete Guide to HIPAA Violations

Advanced persistent threats and zero day exploits

The U.S. Department of Health and Human Services (HHS) defines an advanced persistent threat as a “long-term cybersecurity attack that continuously attempts to find and exploit vulnerabilities in a target’s information systems,” and it emphasizes caution around zero-day exploits. A zero-day exploit takes over an organization’s systems through a vulnerability that is not yet known to the vendor or defenders, often in hardware, software or firmware. Attackers perform background research before beginning their attack to find this kind of unsecured threat vector.

The combination of both the zero day exploit and an APT can cause irreversible damage to an organization’s most critical systems, attacking a multitude of interconnected networks throughout an organization in one fell swoop. 

In 2017, the United Kingdom’s National Health Service was devastated by the WannaCry cyberattack, an advanced persistent threat that infected up to 70,000 devices across many systems in 150 countries, including the United States and Canada.

This attack forced the NHS to turn away patients for non-urgent care due to its inability to access patient records that had been breached.

Security measures for covered entities

Even if the information under attack was not directly stolen, you are required to report an advanced persistent threat to HHS right away, much as you would notify them of a data breach.

According to HHS, the notification must include “the nature and extent of the health information involved,” along with details on whether the information was viewed or accessed, and mitigation plans to prevent such attacks in the future. From there it is determined whether or not the media needs to be involved in the notification process. 

SEE ALSO: How to Avoid a HIPAA Corrective Action Plan

Whether or not your business has experienced an APT, it is imperative that you have a plan in place to mitigate the risk of attack, such as:

  • Implementing and maintaining a risk management system that identifies various levels of vulnerabilities throughout your hardware and software
  • Performing weekly system audits that identify and track changes or abnormalities
  • Limiting employee access to ePHI
  • Encrypting all ePHI and email containing sensitive patient information
  • Establishing a security protocol training program to teach employees how to identify and report abnormal activity in your system
  • Conducting periodic risk analyses
  • Developing a disaster recovery plan
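The “weekly system audits that identify and track changes or abnormalities” item above is easiest to see in code. The following is an added example, not part of the Paubox article or product: it hashes every file under a directory, stores a baseline signed with an HMAC key (assumed to be kept off the audited host so an intruder cannot quietly rewrite the baseline), and reports what was added, removed or modified since the last run. The directory, file names and key are constructed for the demo.

```python
"""Added example (not from the article): a minimal weekly change audit that
hashes files, keeps an HMAC-protected baseline, and reports drift."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_baseline(snap, baseline_file, key):
    """Write the snapshot as JSON plus an HMAC so edits to the baseline itself are detectable."""
    body = json.dumps(snap, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    Path(baseline_file).write_text(json.dumps({"snapshot": snap, "hmac": tag}))

def load_baseline(baseline_file, key):
    """Load a baseline, refusing it if the HMAC no longer matches."""
    doc = json.loads(Path(baseline_file).read_text())
    body = json.dumps(doc["snapshot"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), doc["hmac"]):
        raise ValueError("baseline integrity check failed: do not trust this audit")
    return doc["snapshot"]

def audit(baseline, current):
    """Return which files were added, removed or modified relative to the baseline."""
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p])}

def demo():
    """Build a constructed directory, take a baseline, simulate drift, and return the audit."""
    key = b"constructed-demo-key"  # in real use, load from a secret store, never from the audited host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "app"
        (root / "conf").mkdir(parents=True)
        (root / "conf" / "app.ini").write_text("debug=false\n")  # constructed sample files
        (root / "bin.sh").write_text("#!/bin/sh\necho ok\n")
        save_baseline(snapshot(root), Path(tmp) / "baseline.json", key)
        (root / "conf" / "app.ini").write_text("debug=true\n")  # simulated unexpected change
        (root / "cron.sh").write_text("#!/bin/sh\n")            # simulated new file
        return audit(load_baseline(Path(tmp) / "baseline.json", key), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Anything that shows up under "modified" or "added" without a matching change ticket is the abnormality the audit is meant to surface.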

APTs remain a hot-button issue in healthcare

As the healthcare digital transformation continues, many companies are moving to electronic systems for both patient records and correspondence. Understanding cybersecurity risks and adding the right tools to your digital arsenal helps you protect ePHI. 

SEE ALSO: How and Why to Transition Your Healthcare Business to the Cloud

Paubox Email Suite provides HIPAA compliant email by default to help you avoid an advanced persistent threat as well as other cybersecurity threats.

Paubox’s convenient solution integrates with both Google Workspace and Microsoft 365 to protect your messages. You won’t have to think about which messages to secure because all emails are encrypted by default. The recipient reads the encrypted messages directly from their inbox, avoiding extra steps such as portal logins or passwords.

With the Paubox Email Suite Plus plan, all inbound messages are secured as well, which ensures that they are free of viruses or malware.

Try Paubox Email Suite for FREE today.