If healthcare networks are threat aware, administrators will not need to think about securing all the individual devices already in place.
Technology continually enables the creation of new business models while disrupting entire industry landscapes. As a result, the boundaries of cybersecurity are constantly being tested.
Cybercriminals are constantly identifying new targets to exploit, affecting not just organizations but individuals and communities at large, and leaving us vulnerable to risk. Because of this, cybersecurity remains a top priority given how greatly it affects our daily lives, especially in these pandemic times.
With employees and individuals bringing their own devices and apps into organizations, ensuring that security and privacy concerns are addressed is more crucial than ever. The question here is whether organizations are doing enough to keep up with these cybercriminals.
A recent survey showed that companies across different verticals in the Asia Pacific region are placing emphasis on strengthening their security posture amid existing concerns about the growth in targeted malware, customer-data theft and a lack of skilled personnel in the security domain.
While nearly every organization has had to reevaluate its security strategies and assess risk, there is one group that is getting hit hard with vulnerabilities and attempted attacks—the healthcare industry. But what makes these organizations so prone to attacks and what can they do to protect themselves?
A goldmine of valuable data
Healthcare organizations are at an increased risk for cyberattacks because they have valuable, confidential information that cybercriminals can sell or use as leverage for ransom. Additionally, with so many connected devices, it is nearly impossible to individually protect them all—especially since individual device-level protection just does not cut it.
Medical devices are especially vulnerable because security is more challenging when the devices are designed and maintained by the manufacturer. Also, there is not a lot of guidance around medical device security, so it is left to the healthcare providers to solve the problem.
More specifically, there are two types of security challenges in healthcare environments:
Access: Who has access to what device? There are many instances where a single device is shared by many people (for example, a computer at a nurse's station), leaving it open to increased vulnerabilities.
Coverage: The need to secure those devices (every IP-addressable device on the network). For example, ventilation systems and heart monitoring systems cannot have endpoint security software deployed on them. In fact, because they are highly regulated, their operating systems cannot be updated or patched to eliminate vulnerabilities. This means they are highly exposed and targeted.
Since you cannot put traditional security software on those devices, the network must be able to monitor and track threats.
This balancing act of ensuring approved access and handling protected health information (PHI) from various devices and locations, along with complying with state and federal regulations, all while preventing the intentional or unintentional compromise of systems, devices and data, is not easy!
Compliance and Privacy
Healthcare poses a unique challenge because of the need to balance legacy systems with compliance and privacy, which is notoriously difficult. Many security technologies would, to some degree, violate patient confidentiality in order to secure these systems.
Legacy systems do not offer the level of role-based access or segmentation needed to ensure compliance and privacy standards are met. They also do not offer the security controls required to accurately identify potential threats. For example, ransomware hides in encrypted traffic, where it cannot be inspected without breaking encryption, which compromises privacy. Additionally, visibility decreases as more traffic is encrypted, tipping the scales between privacy and security.
From access and coverage, to compliance and privacy, the healthcare industry has already been facing an uphill battle for complete security. Throw in the current state of the world with some opportunistic bad actors and you have the potential for a major breach.
‘And’, not ‘Or’
Recognizing immediate challenges is the first step in overcoming them, from both an operator and a technology perspective. That is why it is necessary for healthcare IT teams to consider a strategy that will secure all devices on the network, end-to-end. Security cannot be a 'this or that' narrative: it must be thought of as 'this and that.' Securing a single device, no matter how big or important, does not solve the problem. The challenge just moves from one place to another.
This is where the threat-aware network comes into play. If your network is already threat aware, you do not need to think about securing all the individual pieces you have in place. It becomes entirely resilient in a way you may not have previously thought of.
With so many hospitals isolating their networks, building standalone triage facilities where they can do large-scale testing and posture assessment for their community and so on, it is crucial that the network be made more threat aware. Security must be at every point of connection and be able to detect threats given where it sits in the stack.
The same holds true with integrating threat intelligence into the network. If a user is somehow duped into an attack and threat intelligence is already built in, the network will automatically recognize the infection and isolate it, reducing the risk of more widespread exposure.
While the healthcare industry definitely has plenty of obstacles to overcome, there are ways to defend against malicious attacks. By keeping our eyes on the prize and adopting a security-first mindset, we can stop cybercriminals in their tracks and focus on what is most important during this time: keeping our communities safe and healthy.