Safeguarding Healthcare: Prescribing Strategies to Mitigate Digital Threats

Imani Tate
October 19, 2023
#Healthcare

In today's digital age, the healthcare sector is undergoing a rapid transformation. Innovative technologies are enhancing patient care and streamlining operations, but they also bring significant cybersecurity challenges. Healthcare organizations, both public and private, must address these evolving threats to protect critical systems and patient data.

Healthcare has long been a target for cyber threats, with malicious actors becoming more sophisticated over time. The growing use of healthcare technology, including telehealth services and wearable devices, has expanded the attack surface, making robust cybersecurity essential. The primary threats healthcare organizations face are malware and ransomware attacks, which can disrupt vital operations.

This blog, based on a recent conversation I had with Amber Pearson, Executive Director of Information Security Policy, VA at a Health IT Summit panel, will unpack how healthcare organizations – both in the public and private sectors – can ward off emerging cybersecurity threats.

Zero Trust: A fundamental shift

One essential cybersecurity strategy is the adoption of the Zero Trust model. Zero Trust is based on the principle of "never trust, always verify." This approach doesn't automatically trust any entity, whether it's a user, device, or network, based on location or past access. Every access attempt must be verified and validated before entry.

Zero Trust consists of several core components:

  • Identity Verification: Users and devices must verify their identity using multi-factor authentication or biometrics.
  • Least Privilege Access: Users and devices only get minimal access required, limiting potential damage in the event of a breach. MongoDB's role-based access control features can help enforce the principle of least privilege, ensuring that users and devices only have access to the specific data and functionality necessary for their roles.
  • Micro-Segmentation: Dividing the network into smaller segments to contain potential threats.
  • Continuous Monitoring: Real-time analysis of network traffic to detect abnormal behavior. MongoDB's scalability and flexibility make it suitable for storing and analyzing large volumes of logs and events, helping identify and respond to suspicious activities promptly.
  • Assumption of Breach: Operating with the assumption that a breach has occurred or could happen at any time.

MongoDB can assist in implementing Zero Trust by securely managing patient data and providing a flexible and scalable data storage solution for healthcare applications, including telehealth services, wearable devices, and interconnected systems. It ensures strict control and monitoring of access to patient data, even for users within the network, and third-party vendors and contractors must adhere to the same stringent security standards when accessing healthcare data. Zero Trust is not just a product or service but a comprehensive strategy that demands constant vigilance and a shift in the approach to cybersecurity.

Balancing security and interoperability

Interoperability in healthcare refers to different systems and devices exchanging data effectively. It's crucial for modernizing healthcare systems and delivering high-quality care. However, interoperability introduces complexity and risk in terms of cybersecurity.

Interoperability means more potential pathways for cyber threats. Attackers can exploit vulnerabilities in any connected device or system to gain unauthorized access to sensitive healthcare data. To address this, healthcare organizations should:

  • Security by Design: Collaborate with vendors to embed security in system design, including rigorous testing and encryption. MongoDB's built-in flexible security features ensure that data is protected at the database level, and its encryption capabilities can safeguard sensitive healthcare information.
  • Continuous Monitoring: Actively watch for anomalies, unauthorized access attempts, or unusual behavior across interconnected systems. MongoDB can play a pivotal role in storing and analyzing logs and event data, facilitating real-time monitoring and threat detection.
  • Risk Assessment: Assess risks associated with each device, system, or vendor within the interoperable ecosystem. MongoDB's role-based access control and auditing features can help organizations assess and mitigate risks tied to data access and manipulation.

Interoperability enhances patient care but introduces security challenges. A proactive and collaborative approach is essential to mitigate these risks, protecting patient data in an interconnected healthcare landscape. MongoDB is an ideal partner for healthcare interoperability due to its flexibility, scalability, and robust security features. Most importantly, its document-based architecture allows healthcare systems to seamlessly integrate diverse data sources, such as electronic health records, medical imaging, and patient data, fostering interoperability. The database's ability to handle complex, unstructured data makes it well-suited for the diverse data types prevalent in healthcare.

Don't discount insider threats

Insider threats involve individuals with legitimate access to healthcare systems who misuse data maliciously. To combat these threats, organizations must actively monitor information systems and collaborate with organizations like the Cybersecurity and Infrastructure Security Agency (CISA) for additional defense.

The proliferation of devices and remote work introduces new challenges. Enforcing strict cyber hygiene for all connected devices is vital. Promoting a security-first culture prioritizes open communication, collaboration, and proactive measures. Building organizational resilience, with open communication, regular risk assessments, and engagement at all levels, creates a robust cybersecurity posture.

In conclusion, technological advancement in healthcare must align with a robust cybersecurity strategy. Embracing Zero Trust, balancing security with interoperability, addressing insider threats, and building organizational resilience are essential steps. By promoting a security-first culture and prioritizing cyber hygiene, healthcare organizations can protect patient data and maintain the seamless operation of healthcare facilities in the face of evolving cyber threats.

Visit our Trust Center to learn more about MongoDB's dedication to data security

Read our whitepaper Cybersecurity: Building the Next Generation of Threat Intelligence with MongoDB to learn more about cybersecurity and MongoDB.

← Previous

Vector Search and LLM Essentials - What, When and Why

This post is also available in: Deutsch , Français , Español , Português Vector search and, more broadly, Artificial Intelligence (AI) are more popular now than ever. These terms are arising everywhere. Technology companies around the globe are scrambling to release vector search and AI features in an effort to be part of this growing trend. As a result, it's unusual to come across a homepage for a data-driven business and not see a reference to vector search or large language models (LLMs). In this blog, we'll cover what these terms mean while examining the events that led to their current trend. Check out our AI resource page to learn more about building AI-powered apps with MongoDB. What is vector search Vectors are encoded representations of unstructured data like text, images, and audio in the form of arrays of numbers. Figure 1: Data is turned into vectors by embedding models These vectors are produced by machine learning (ML) techniques called "embedding models". These models are trained on large corpuses of data. Embedding models effectively capture meaningful relationships and similarities between data. This enables users to query data based on the meaning rather than the data itself. This fact unlocks more efficient data analysis tasks like recommendation systems, language understanding, and image recognition. Every search starts with a query and, in vector search, the query is represented by a vector. The job of vector search is finding, from the vectors stored on a database, those that are most similar to the vector of the query. This is the basic premise. It is all about similarity . This is why vector search is often called similarity search. Note: similarity also applies to ranking algorithms that work with non-vector data. To understand the concept of vector similarity, let’s picture a three-dimensional space. In this space, the location of a data point is fully determined by three coordinates. Figure 2: Location of a point P in a three-dimensional space In the same way, if a space has 1024 dimensions, it takes 1024 coordinates to locate a data point. Figure 3: Point P in a sphere that represents a multi-dimensional space Vectors also provide the location of data points in multidimensional spaces. In fact, we can treat the values in a vector as an array of coordinates. Once we have the location of the data points — the vectors — their similarity to each other is calculated by measuring the distance between them in the vector space. Points that are closer to each other in the vector space represent concepts that are more similar in meaning. For example, "tire" has a greater similarity to "car" and a lesser one to "airplane." However, "wing" would only have a similarity to "airplane." Therefore, the distance between the vectors for “tire” and “car” would be smaller than the distance between the vectors for “tire” and “airplane.” Yet, the distance between “wing” and “car” would be enormous. In other words, “tire” is relevant when we talk about a “car,” and to a lesser extent, an “airplane.” However, a “wing” is only relevant when we talk about an “airplane” and not relevant at all when we talk about a “car” (at least until flying cars are a viable mode of transport). The contextualization of data — regardless of the type — allows vector search to retrieve the most relevant results to a given query. A simple example of similarity Table 1: Example of similarity between different terms What are Large Language Models? LLMs are what bring AI to the vector search equation. LLMs and human minds both understand and associate concepts in order to perform certain natural language tasks, such as following a conversation or understanding an article. LLMs, like humans, need training in order to understand different concepts. For example, do you know what the term “corium” pertains to? Unless you're a nuclear engineer, probably not. The same happens with LLMs: if they are not trained in a specific domain, they are not able to understand concepts and therefore perform poorly. Let’s look at an example. LLMs understand pieces of text thanks to their embedding layer. This is where words or sentences are converted into vectors. In order to visualize vectors, we are going to use word clouds. Word clouds are closely related to vectors in the sense that they are representations of concepts and their context. First, let’s see the word cloud that an embedding model would generate for the term “corium” if it was trained with nuclear engineering data: Figure 4: Sample word cloud from a model trained with nuclear data As shown in the picture above, the word cloud indicates that corium is a radioactive material that has something to do with safety and containment structures. But, corium is a special term that can also be applied to another domain. Let’s see the word cloud resulting from an embedding model that has been trained in biology and anatomy: Figure 5: Sample word cloud from a model trained with biology data In this case, the word cloud indicates that corium is a concept related to skin and its layers. What happened here? Is one of the embedding models wrong? No. They have both been trained with different data sets. That is why finding the most appropriate model for a specific use case is crucial. One common practice in the industry is to adopt a pre-trained embedding model with strong background knowledge. One takes this model and then fine-tunes it with the domain-specific knowledge needed to perform particular tasks. The quantity and quality of the data used to train a model is relevant as well. We can agree that a person who has read just one article on aerodynamics will be less informed on the subject than a person who studied physics and aerospace engineering. Similarly, models that are trained with large sets of high-quality data will be better at understanding concepts and generate vectors that more accurately represent them. This creates the foundation for a successful vector search system. It is worth noting that although LLMs use text embedding models, vector search goes beyond that. It can deal with audio, images, and more. It is important to remember that the embedding models used for these cases share the same approach. They also need to be trained with data — images, sounds, etc. — in order to be able to understand the meaning behind it and create the appropriate similarity vectors. When was vector search created? MongoDB Atlas Vector Search currently provides three approaches to calculate vector similarity. These are also referred to as distance metrics, and consist of: euclidean distance cosine product dot product While each metric is different, for the purpose of this blog, we will focus on the fact that they all measure distance. Atlas Vector Search feeds these distance metrics into an approximate nearest neighbor (ANN) algorithm to find the stored vectors that are most similar to the vector of the query. In order to speed this process up, vectors are indexed using an algorithm called hierarchical navigable small world (HNSW). HNSW guides the search through a network of interconnected data points so that only the most relevant data points are considered. Using one of the three distance metrics in conjunction with the HNSW and KNN algorithms constitutes the foundation for performing vector search on MongoDB Atlas. But, how old are these technologies? We would think they are recent inventions by a bleeding-edge quantum computing lab, but the truth is far from that. Figure 6: Timeline of vector search technologies Euclidean distance was formulated in the year 300 BC, the cosine and the dot product in 1881, the KNN algorithm in 1951, and the HNSW algorithm in 2016. What this means is that the foundations for state-of-the-art vector search were fully available back in 2016. So, although vector search is today’s hot topic, it has been possible to implement it for several years. When were LLMs created? In 2017, there was a breakthrough: the transformer architecture . Presented in the famous paper Attention is all you need , this architecture introduced a neural network model for natural language processing (NLP) tasks. This enabled ML algorithms to process language data on an order of magnitude greater than was previously possible. As a result, the amount of information that could be used to train the models increased exponentially. This paved the way for the first LLM to appear in 2018: GPT-1 by OpenAI. LLMs use embedding models to understand pieces of text and perform certain natural language tasks like question answering or machine translation. LLMs are essentially NLP models that were re-branded due to the large amount of data they are trained with — hence the word large in LLM. The graph below shows the amount of data — parameters — used to train ML models over the years. A dramatic increase can be observed in 2017 after the transformer architecture was published. Figure 7: Parameter count of ML systems through time. Source:   towardsdatascience.com Why are vector search and LLMs so popular? As stated above, the technology for vector search was fully available back in 2016. However, it did not become particularly popular until the end of 2022. Why? Although the ML industry has been very active since 2018, LLMs were not widely available or easy to use until OpenAI’s release of ChatGPT in November 2022. The fact that OpenAI allowed everyone to interact with an LLM with a simple chat is the key to its success. ChatGPT revolutionized the industry by enabling the average person to interact with NLP algorithms in a way that would have otherwise been reserved for researchers and scientists. As can be seen in the figure below, OpenAI’s breakthrough led to the popularity of LLMs skyrocketing. Concurrently, ChatGPT became a mainstream tool used by the general public. The influence of OpenAI on the popularity of LLMs is also evidenced by the fact that both OpenAI and LLMs had their first popularity peak simultaneously. (See figure 8.) Figure 8: Popularity of the terms LLM and OpenAI over time. Source: Google Trends Here is why. LLMs are so popular because OpenAI made them famous with the release of ChatGPT. Searching and storing large amounts of vectors became a challenge. This is because LLMs work with embeddings. Thus the adoption of vector search increased in tandem. This is the largest contributing factor to the industry shift. This shift resulted in many data companies introducing support for vector search and other functionalities related to LLMs and the AI behind them. Conclusion Vector search is a modern disruptor. The increasing value of both vector embeddings and advanced mathematical search processes has catalyzed vector search adoption to transform the field of information retrieval. Vector generation and vector search might be independent processes, but when they work together their potential is limitless. To learn more visit our Atlas Vector Search product page. To get started using Vector Search, head over to our quick-start guide .

October 16, 2023
Next →

MongoDB Database Observability: Integrating with Monitoring Tools

This post is the final in a three-part series on leveraging database observability. Welcome back to our series on Leveraging Database Observability! Our previous post showcased a real-world use case highlighting how MongoDB Atlas’s observability tools effectively tackle database performance challenges. Whether you’re a developer, DBA, or DevOps engineer, our mission is to empower you to harness the full potential of your data through our observability suite . Integrating Atlas metrics with your central enterprise observability tools can simplify your operations. By seamlessly working with popular observability tools, our approach helps teams streamline workflows and enhance visibility across systems. Integrating MongoDB Atlas with third-party monitoring tools MongoDB’s developer data platform combines all essential data services for building modern applications within a unified experience. Our purpose-built observability tools for Atlas environments offer automatic monitoring and optimization, guiding diagnostics tailored specifically for MongoDB. Additionally, we extend Atlas metrics into your existing enterprise observability stack, enabling seamless integration without replacing your current tools. This creates a consolidated, single-pane view that unifies Atlas telemetry with other tech and application metrics, ensuring comprehensive visibility into both database and full-stack performance. This integration empowers you to monitor, receive alerts, and make data-driven decisions within your existing workflows, driving greater efficiency. Below is a quick guide to modifying integration settings through the Atlas UI and the popular integrations we support: Navigate to the Project Integrations page in Atlas. Choose the organization and project you want to configure from the navigation bar. On the Project Integrations page, select the third-party services you’d like to integrate. Configure the chosen services with the required API keys and regions. Critical integrations for your observability platform With Atlas’s Datadog and Prometheus integrations, you can send critical MongoDB metrics to these platforms, empowering detailed, real-time monitoring. Through Datadog , you can track database operation counts, query efficiency, and resource usage, ideal for pinpointing bottlenecks and managing resources. Similarly, Prometheus enables you to monitor essential metrics like query times, connection rates, and memory usage, supporting flexible tracking of database health and performance. Both integrations facilitate proactive detection of issues, alert configuration for resource thresholds, and a cohesive view of Atlas data when visualized in Grafana. Atlas’s integration with PagerDuty streamlines incident management by sending metrics like performance alerts, billing anomalies, and security events directly to PagerDuty. This integration records incidents automatically, notifies teams upon alerts, and supports two-way syncing, ensuring resolved alerts in Atlas are reflected in PagerDuty. It enables efficient incident response and resource allocation to maintain system stability. With Atlas integrations for Microsoft Teams and Slack, you can route key metrics—such as query latency, disk usage, and throughput—to these channels for timely updates. Teams can use these insights for real-time performance monitoring, incident response, and collaboration. Notifications through these platforms ensure your team stays informed on database performance, storage health, and user activity changes as they occur. Use case: Centralized observability with MongoDB Atlas, Datadog, and Slack Let’s walk through a hypothetical scenario for ShopSmart, an e-commerce company that leverages MongoDB Atlas to manage its product catalog and customer data. As traffic surges, the DevOps team faces challenges in monitoring application performance and database health effectively. To tackle these challenges, the team leverages MongoDB Atlas’ integration with Datadog and Slack, creating a powerful observability ecosystem. Integrating MongoDB Atlas with Datadog: The team pushes key MongoDB Atlas metrics into Datadog, such as query performance, connection counts, and Atlas Vector Search metrics. With Datadog, they can visualize these metrics and correlate overall MongoDB performance with their other applications. Out-of-the-box monitors and dedicated dashboards allow the team to track metrics like throughput, average read/write latency, and current connections. This visibility helps pinpoint bottlenecks in real time, ensuring optimal database performance and improving overall application responsiveness. Setting up alerts in Datadog: The team configures alerts for critical metrics like high query latency and increased error rates. When thresholds are breached, Datadog instantly notifies the team. This proactive approach allows the team to address potential performance issues before they impact customers. Integrating Datadog with Slack: To ensure fast communication, alerts are sent directly to the dedicated Slack channel, “ShopSmart-Alerts.” This integration fosters seamless collaboration, enabling the team to discuss and resolve issues in real-time. With these integrations, ShopSmart’s engineering team can monitor performance quickly and address issues efficiently. The unified observability approach enhances operational efficiency, improves the customer experience, and supports ShopSmart’s competitive edge in the e-commerce industry. By leveraging MongoDB Atlas, Datadog, and Slack, the team ensures scalable performance and drives continuous innovation. Conclusion MongoDB Atlas empowers developers and organizations to achieve unparalleled observability and control over their database environments. By seamlessly integrating with central enterprise observability tools, Atlas enhances your ability to monitor performance metrics and ensures you can do so within your existing workflows. This means you can focus on building modern applications confidently, knowing you have the insights and alerts necessary to maintain optimal performance. Embrace the power of MongoDB Atlas and transform your approach to database management—because your applications can thrive when your data is observable. And that wraps up our Leveraging Database Observability series! We hope you learned something new and found value in these discussions. Sign up for MongoDB Atlas , our cloud database service, to see database observability in action. To dive deeper and expand your knowledge, check out this learning byte for more insights on the MongoDB observability suite and how it can enhance your database performance.

November 14, 2024