Protecting the most vulnerable: the role of cybersecurity in healthcare
Crippling cyberattacks on hospitals and healthcare facilities are on the rise. This year has seen a sharp increase in cyber gangs stealing confidential patient data by launching ransomware attacks. These relentless attacks can knock medical systems offline for weeks, resulting in thousands of cancelled appointments and surgeries, as well as patient harm. Doctors and nurses are also being thrown into crisis mode, suddenly locked out of online patient records and forced to manually file paperwork. Phone systems go down while IT staff work tirelessly to get services safely back online. The recovery can be long and brutal.
It doesn’t take long to see how ransomware can have a dangerous impact on the healthcare industry. The sector is increasingly being targeted for the valuable data it contains. Qilin, the Russian-speaking cyber gang behind the recent Synnovis attack, stole data and posted it on the dark web after negotiations failed. The gang had demanded over $50 million from Synnovis in exchange for not releasing the data. But even if a cyber gang fails to collect ransom, a successful attack further increases their notoriety.
Director of Security Technology and Strategy for Akamai’s EMEA region.
Calculating the human cost
With criminals operating internationally, cybercrime is ultimately a business. The World Economic Forum has revealed that the cost of cybercrime could reach $10.5 trillion annually by 2025. But when bad actors specifically target healthcare institutions, it’s the patients who pay the price.
Hospitals and other healthcare facilities are highly complex because they continuously store and process large amounts of personal data. This personal data is fed into dozens of software models hosted by third-party companies, which provide everything from electronic medical records to employee schedules. Cyberattacks on third-party service providers that take medical services offline can impact a hospital’s internal systems and networks, as well as those of these third-party providers.
In the hours and days immediately following a ransomware attack, it’s common for companies with software connected to the targeted organization to pull the plug on their services to determine which areas have been impacted. While a cyberattack on a business can disrupt services like payments and inventory monitoring, cyberattacks on the healthcare sector can deny patients life-saving care and undermine their trust in healthcare services.
Combine this with the fact that the healthcare sector has seen a significantly larger increase in cyberattacks (162%) than any other sector (the next highest increase, 116%, was in media, leisure and entertainment), and it is clear that the human cost of cyberattacks within healthcare organisations is skyrocketing.
Blind spots in healthcare
Healthcare organizations report that budget constraints are the biggest barrier to cyber resilience. In today’s climate, too many organizations are only able to respond to cyberattacks reactively. But the truth is that reactive approaches give the initiative to malicious actors and leave healthcare organizations on the back foot.
Legacy healthcare IT systems also present attractive entry points for cybercriminals. For example, organizations often rely on operating systems that are no longer supported, such as Windows 7. In some cases, legacy systems can account for 30 to 50 percent of all IT services, making them vulnerable. Some of these systems may have been designed over 20 years ago and simply have not kept up with technology advancements due to the cost of maintenance or replacing software originally designed for a now-outdated operating system.
An overnight overhaul to the latest operating system is not realistic, but there are immediate steps organizations can take to manage their risk. One example is network segmentation. This involves dividing the network into isolated sections, allowing an organization to isolate the mission-critical aspects of its network and ensure that even in the worst-case scenario, a minimum level of secure operation is maintained.
Segmentation is vital to healthcare because it gives institutions the most precious resource of all: time. Segmented networks slow down bad actors. In essence, it’s the difference between giving hackers free rein or ensuring they’re stopped and blocked at every turn. While the most desirable outcome is to prevent cybercriminals from getting in altogether, it’s equally important to ensure that a successful attack doesn’t give them the red carpet treatment to every corner of a network. On average, a ransomware attack is stopped completely four times faster in a well-segmented network than in a network that isn’t segmented. In healthcare, the speed of a successful response can literally be a matter of life and death.
Preparing for the future
IT and security teams are facing an uphill battle: it has never been easier for amateur cybercriminals to launch attacks and cause disruption. That is largely why we are seeing an increase in attacks and hacktivism, both in Europe and globally.
The recent Synnovis attack underscores the importance of robust cybersecurity measures to prevent attacks in the first place, as relying on post-attack solutions is neither feasible nor desirable. It is imperative that healthcare organizations are empowered to strengthen their defenses by addressing key vulnerabilities.
In addition to securing infrastructure, healthcare organizations must provide the tools that enable employees to work safely and securely. Organizations have a duty of care to protect their employees, and this extends to ensuring they can spot phishing attempts and cyberattacks early, and to blocking a user’s request if they click on a malicious link. Training and refresher courses should be provided year-round. Attackers rely on and exploit complacency at the point of entry.
Another clear step that any healthcare organization can take is to implement the ‘assumed breach’ approach. An unfolding attack is a very stressful situation, but panic cannot set in. Operating under the assumed breach mentality helps manage this. It is an approach that ensures constant pragmatism and is a core principle of Zero Trust – the network security strategy based on the philosophy that access is never granted unless explicitly deemed necessary. In the healthcare environment, organizations should operate under the strategy of ‘never trust, always verify’. This limits the lateral movement of a cybercriminal once they gain access and also makes it easier to ensure compliance with micro-perimeters around sensitive data.
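To make the segmentation and ‘never trust, always verify’ points concrete, the following added example (not part of the original article) models a small hospital network and computes how far an intruder could move from one compromised workstation in a flat network versus a default-deny segmented one. All host names, zones and permitted flows are constructed assumptions for illustration.

```python
from collections import deque

# Constructed sample network (hypothetical host and zone names).
HOSTS = {
    "reception-pc": "workstations",
    "nurse-pc": "workstations",
    "emr-app": "clinical-apps",
    "lab-gateway": "clinical-apps",
    "emr-db": "patient-data",
    "lab-analyzer-win7": "legacy-devices",
    "phone-system": "voice",
}

# Default deny: only these (source zone, destination zone) flows are permitted.
# Direction matters: the legacy analyzer may push results to the gateway,
# but nothing is allowed to initiate a connection towards it.
SEGMENTED = {
    ("workstations", "clinical-apps"),
    ("clinical-apps", "patient-data"),
    ("legacy-devices", "clinical-apps"),
}

def flat(hosts=HOSTS):
    """A flat network is equivalent to allowing every zone-to-zone flow."""
    zones = set(hosts.values())
    return {(a, b) for a in zones for b in zones}

def allowed(src, dst, policy, hosts=HOSTS):
    """Same-zone traffic is unrestricted; cross-zone needs an explicit rule."""
    return hosts[src] == hosts[dst] or (hosts[src], hosts[dst]) in policy

def reach(foothold, policy, hosts=HOSTS):
    """Worst case: map each host an intruder could reach to its hop count."""
    hops, queue = {foothold: 0}, deque([foothold])
    while queue:
        cur = queue.popleft()
        for nxt in hosts:
            if nxt not in hops and allowed(cur, nxt, policy, hosts):
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    del hops[foothold]
    return hops

if __name__ == "__main__":
    for name, policy in (("flat", flat()), ("segmented", SEGMENTED)):
        print(name, reach("reception-pc", policy))
```

In the segmented case the patient database sits two hops away and is reachable only through the application server, which is where monitoring is best concentrated, while the legacy analyzer and phone system are out of reach entirely.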
As healthcare institutions are increasingly targeted by cyber gangs, cybersecurity must be considered an operational necessity.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of TechRadarPro or Future plc.