Use Case in the Healthcare Industry

Price Health is one of the most reputable healthcare institutions, with multiple clinics and healthcare centers across Korea that provide advanced medical support and equipment.
Kathy, a medical supervisor working in frontline service with access to all patient information on Price Health’s internal server, received a series of fraudulent email alerts
that appeared to come from the IT team, asking her to change her password via a provided link for security purposes. Treating it as a priority, she clicked the link and changed her password on a phishing
site that resembles the company’s legitimate website.

Without her knowledge, her workstation (client terminal) was
attacked with encrypted malware that was embedded in a
legitimate SSL certificate. Because the malware is encrypted, it
bypassed the network firewall/IPS/IDS in the
network. The antivirus solution was also bypassed, as the
attacker used a mix of open source and modified tools to
conceal the malware.

The malware begins its operation and attempts to clone all
database entries from the main internal server that contains the
patient records to the command and control center.
These accelerated I/O operations lead to continuous reads in
the firmware core of X-PHY®. However, X-PHY® trusts no one.
It uses a sophisticated AI algorithm that constantly monitors all
operations at the firmware kernel level, which leads to the
detection of this unusual pattern of increased reads in the flash
storage.

The AI algorithm then triggers the X-Guard Threat Lock to
restrict physical access to the NAND flash storage and lock down
the data at the firmware level. Alert notifications are
immediately sent via a Secured Ethernet Network gateway that
supports pre-configured Bluetooth (BLE) to warn the security
operations center and the network team to restrict all external
network access to the database, followed by access filtering from
the internal network. The X-Factor Encryption Lock feature is then
activated to request 2FA verification to unlock the data.

X-PHY Protection Method

1. The Guardian Pro-X and Security Scout features within the X-Guard Threat Lock use AI at the firmware level to survey a large
amount of data in real time and detect malicious behavior characteristics such as illegal data cloning activity.

2. The X-Factor Encryption Lock feature triggers a data lockdown to prevent the attacker from accessing the data and activates the Keycode
2-factor.

3. X-PHY® enters safe mode and asks for a password to complete the 2-factor authentication.

4. While these events are occurring, the X-File Forensic Agent feature actively monitors these events on X-PHY®.

5. The X-PHY® Forensic Agent is divided into a forensic front-end and a forensic back-end. The front-end monitors the I/O
requests, data writing average, LBA hashing tables, accumulative I/Os, etc., while the back-end parses the monitored events for
these attributes and takes care of the alert notifications, detection of threats, behavioral analysis of threats, etc.

6. The Active Detective feature logs the operations in the time domain during the monitoring window of I/O requests, such as the LBA block
read/write style and the inward/outward data flow, in a hash table.

7. The Deep Investigation feature helps to further analyze the modification and stealth techniques adopted by malware for data
exfiltration, in order to improve the self-training AI algorithm.
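
A minimal sketch of the windowed read monitoring described in the scenario and in steps 5 and 6, added here as an illustration; it is not X-PHY® firmware code or its algorithm. A fixed-threshold heuristic stands in for the AI model, and the class name, thresholds and I/O traces are constructed assumptions.

```python
from collections import deque

class ReadCloneMonitor:
    """Flags bulk reads of never-before-read LBAs. Hypothetical heuristic;
    window length and thresholds are assumptions, not vendor values."""

    def __init__(self, window_s=10.0, ratio=5.0, min_new_lbas=1000):
        self.window_s, self.ratio, self.min_new_lbas = window_s, ratio, min_new_lbas
        self.window = deque()   # (ts, blocks, new_lbas) for reads inside the window
        self.seen = {}          # LBA -> cumulative read count (the hash table)
        self.first_ts = None    # time of the first observed read
        self.aged_blocks = 0    # blocks read before the current window (baseline)
        self.locked = False

    def on_io(self, ts, op, lba, blocks):
        """Process one I/O request; returns 'denied', 'alert' or 'ok'."""
        if self.locked:
            return "denied"     # locked down; the 2FA unlock step is not modelled
        if op != "R":
            return "ok"
        self.first_ts = ts if self.first_ts is None else self.first_ts
        new = 0
        for b in range(lba, lba + blocks):
            new += b not in self.seen
            self.seen[b] = self.seen.get(b, 0) + 1
        self.window.append((ts, blocks, new))
        while ts - self.window[0][0] > self.window_s:
            self.aged_blocks += self.window.popleft()[1]
        history_s = (ts - self.window_s) - self.first_ts
        if history_s <= 0:
            return "ok"         # still learning the baseline read rate
        expected = self.aged_blocks / history_s * self.window_s
        volume = sum(e[1] for e in self.window)   # blocks read in this window
        fresh = sum(e[2] for e in self.window)    # first-time LBAs in this window
        # Volume alone is not enough: a hot region re-read at speed is not cloning.
        if volume > self.ratio * expected and fresh >= self.min_new_lbas:
            self.locked = True
            return "alert"
        return "ok"

def replay(trace):
    """Run a trace of (ts, op, lba, blocks) tuples through a fresh monitor."""
    mon = ReadCloneMonitor()
    return [mon.on_io(*ev) for ev in trace]

# Constructed traces: 60 s of 8-block reads over a hot region, then a burst.
NORMAL = [(float(t), "R", (t % 4) * 8, 8) for t in range(60)]
CLONE = NORMAL + [(60 + k / 100, "R", 1_000_000 + k * 256, 256) for k in range(6)]
REREAD = NORMAL + [(60 + k / 100, "R", 0, 256) for k in range(6)]
```

Replaying `CLONE` raises the alert on the fourth burst read and denies the rest, while `REREAD` (the same volume over already-read blocks) stays quiet.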