Healthcare data is some of the most valuable in the marketplace. Patient records, financial information and intellectual property are highly valuable assets that make healthcare organizations prime targets for cyberattacks. To ensure quality care, healthcare organizations must address IT security challenges and bolster their defenses to protect critical information.
However, many companies lack the budget, top-tier talent and tools necessary to optimally protect data and infrastructure, thus creating opportunities for malicious actors.
Organizations within the healthcare sector must be particularly aware of these typical cyberthreats and how they can jeopardize patient safety and privacy:
- Ransomware attacks: Healthcare faces a serious threat from ransomware, which can disrupt operations, put patient information at risk and deplete financial resources. To combat ransomware, organizations must back up and isolate critical data regularly for contingency planning, perform regular access certification campaigns, embrace cloud storage and conduct extensive ransomware identification campaigns with tabletop exercises to promote early detection and mitigation.
- Phishing and social engineering attacks: Phishing tactics can compromise sensitive data by misleading employees into exposing confidential information. In a social engineering attack, a bad actor gains unauthorized access to healthcare systems by impersonating trusted individuals or exploiting relationships. Companies typically combat phishing with frequent employee training, active phishing simulations and email filtering solutions designed to identify and block phishing attempts. Reducing the risk of social engineering attacks requires implementing multi-factor authentication (MFA) and strengthening trust verification processes.
- Insider threats: Internal staff may expose vulnerabilities unintentionally or act with malicious intent, posing significant risk to healthcare data. Healthcare organizations must address insider threats by maintaining segregation of duties, having strong detective controls for data record and system access, and aligning staff with well-considered role-based access controls (RBAC) that are applied consistently across access controls.
- Distributed denial-of-service (DDoS) attacks: Because of the sensitive and often real-time nature of their operations, healthcare institutions are prime targets for DDoS attacks, which create chaos and disrupt life-sustaining communications in ways that can put patients in danger. Companies need to develop a response plan for DDoS incidents so they can react quickly when an attack happens, and should also consider investing in DDoS mitigation solutions and critical workload segmentation.
Infrastructure and talent challenges
Adopting robust physical and data security measures is essential for healthcare organizations to protect their infrastructure and patient data. Physical security should include access controls, mandatory visitor/vendor registration, badge readers and adaptive surveillance systems to secure physical infrastructure, while data security should focus on encryption, authorization controls, data segregation and data loss prevention to secure patient records and sensitive data.
- Legacy devices and infrastructure. The oldest and most untouchable devices can often be an organization’s weakest link in cyber resilience. Unfortunately, they can also be the most impactful. Legacy medical devices and building control systems remain in use in healthcare networks, posing risk due to their long refresh cycles. Also, lengthy FDA approval processes can mean that a new-to-market device that featured the latest security capabilities when it was engineered may lag in its capabilities by the time it reaches the market.
Another reality that complicates infrastructure management is the number of connected devices in flat networks from different vendors. The result is often a tangled web of communications that is vulnerable to attackers.
- Insecure medical devices and equipment. Medical environments are rapidly becoming vast collections of networked devices, many of which are connected to the internet. Internet of Things (IoT) devices are recognized for their poor security, and Internet of Medical Things (IoMT) devices are no different. They provide attackers with new points of entry that are easily exploited to gain access to patient information and medical systems.
Generous segmentation isolates the risk profiles found in healthcare networks: legacy devices, IoT devices, medical devices, shared workstations, vendors/suppliers, patient internet access, visiting physicians and contracted staff. This prevents one risk profile from affecting the severity of another. Since segmentation is already a powerful strategy, microsegmentation potentially brings even more effectiveness. Microsegmentation does, however, require in-depth knowledge of the connections between devices and applications, so effort versus reward must be considered.
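One way to build the connection knowledge that segmentation depends on is to map observed flows onto risk-profile segments and compare them with a default-deny policy. The following is an added example, not part of the original article; the IP addresses, segment names, ports, allow-list and flow log are all constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed inventory: device IP -> risk-profile segment.
SEGMENT_OF = {
    "10.10.1.5": "legacy", "10.20.1.7": "iomt", "10.20.1.8": "iomt",
    "10.30.1.9": "shared_workstation", "10.40.1.2": "vendor",
    "10.50.1.3": "patient_guest", "10.60.1.1": "clinical_server",
}

# Hypothetical default-deny policy: the only permitted segment crossings,
# as (source segment, destination segment, destination port).
ALLOWED = {
    ("iomt", "clinical_server", 2575),             # port commonly used for HL7
    ("legacy", "clinical_server", 104),            # port commonly used for DICOM
    ("shared_workstation", "clinical_server", 443),
}

# Constructed flow records: src_ip,dst_ip,dst_port
FLOW_LOG = """\
10.20.1.7,10.60.1.1,2575
10.10.1.5,10.60.1.1,104
10.30.1.9,10.60.1.1,443
10.40.1.2,10.10.1.5,23
10.50.1.3,10.20.1.7,80
10.20.1.7,10.20.1.8,5000
10.99.0.4,10.60.1.1,443
"""

def audit(log_text, micro=False):
    """Return (connection_map, violations) for the flow records.

    micro=False: traffic inside one segment is implicitly trusted.
    micro=True:  every flow, even inside a segment, needs an explicit rule.
    Devices missing from the inventory map to 'unknown' and are never trusted.
    """
    conn_map, violations = Counter(), []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        src, dst, port = row[0], row[1], int(row[2])
        edge = (SEGMENT_OF.get(src, "unknown"), SEGMENT_OF.get(dst, "unknown"), port)
        conn_map[edge] += 1
        same_segment = edge[0] == edge[1] != "unknown"
        if edge in ALLOWED or (same_segment and not micro):
            continue
        violations.append((src, dst, port, f"{edge[0]}->{edge[1]}"))
    return conn_map, violations
```

Running `audit(FLOW_LOG)` and then `audit(FLOW_LOG, micro=True)` shows the trade-off: the stricter mode also surfaces device-to-device traffic inside a segment, each instance of which needs a documented rule before it can be enforced.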
Transitioning toward resilience
IT teams must carefully decide which devices to categorize as high-risk/low-impact or low-risk/high-impact. In any clinical network, IT teams need to balance security and accessibility and carefully consider the consequences of excessive safety protocols when touching life-impacting devices.
Healthcare overall is struggling to attract top cybersecurity talent due to a variety of perceptions that include low salaries, conservative spend and decision making, fewer career opportunities, and the view that healthcare as an industry is a technology laggard.
However, many professionals will thrive in this environment through attaching to a mission, bringing experience from other industry verticals, or attaching to innovations unique to healthcare. It is common for organizations to leverage vendors to jump-start new initiatives or outsource capabilities.
Recognizing the security gaps and opportunities is a strong first step toward ensuring privacy and patient safety. Addressing the specific security challenges in healthcare IT and implementing comprehensive security measures can strengthen defenses and protect valuable data.
About the Authors
Manager, Global Cloud Security Solutions
Scott Schlueter has over 20 years of experience in information technology across diverse industries including higher education, enterprise and managed IT, and healthcare. As an Information Security expert specializing in security architecture and risk-based strategies maximizing security goals, he has become a dynamic leader and articulate communicator with a talent for building business processes with an emphasis on automation and fostering relationships among business units and principals. He is a certified information security professional with extensive experience in enterprise project management, mergers and acquisitions, and maximizing effectiveness of security controls.