4 steps to countering healthcare cyberattacks
With the dramatic rise in medical technology and the value of patient data, it’s no surprise that healthcare organizations are increasingly finding themselves on the receiving end of cyberattacks. The healthcare industry has been designated as having the most cyberattacks, a title no industry is eager to hold.
Here are four factors causing healthcare to retain this unwanted distinction.
1. The increasing number of connected medical devices
With the rise of virtual healthcare and soaring costs of healthcare overall, it’s especially critical for hospitals to remain competitive. The efficiency and effectiveness offered by connected medical devices aid in this quest. The industry has a strong appetite for more technology to help it see as many patients as possible. In a survey of 535 healthcare IT professionals, 59% said they had more than 300 network-connected devices.[1]
Unfortunately, these devices are notoriously challenging to patch and introduce a new set of security issues that makes it difficult to comply with regulatory requirements. The data transmitted between “wearable” devices, such as implants, and providers has emerged as one of the fastest-growing sources of attacks. A recent report[2] revealed that more than half of connected medical devices and other Internet of Things (IoT) devices contain critical vulnerabilities that pose a risk to hospital networks.
What could help?
By improving logging and monitoring capabilities, hospitals can more adequately monitor medical devices for unusual behavior. A cyber solution allowing you to collect data, detect threats, facilitate investigations and craft a response will put you in the best position to protect your digital assets.
2. The ‘medjacking’ phenomenon
A growing risk, medjacking refers to the hijacking of digital medical devices. As the advances in healthcare technology have created a drastic increase in the number of connected devices, an unexpected side effect has accompanied them. Despite adding a layer of convenience and increased efficiency, medical devices have become prime targets for cyberattacks.
Medjacking allows malicious actors to take control of devices in use and causes frightening, and even life-threatening, scenarios. However, the most likely and frequent intent of these attacks is to exploit these vulnerable devices as a point of entry to broader hospital networks. The result? Sensitive patient information is held for ransom or stolen, providers are unable to access critical patient data, or patient care is disrupted.
What could help?
You can’t protect what you can’t see. Often hampered by disparate security tools, hospitals need a cyber solution that will provide full system awareness to gain visibility into insider threats and indicators of compromise. Tools such as behavioral analytics add near real-time alerts on potentially malicious employees or on indicators of compromise that are early signs of a potential ransomware attack.
3. Under-resourced cybersecurity teams
While cybersecurity is a major issue affecting hospitals, on average only 4%-7% of total IT budgets across healthcare organizations are spent on cybersecurity.[3] This is in contrast to 10%-14% seen across other industries. Making matters worse, many healthcare security operations center (SOC) teams are forced to rely on unwieldy Security Information and Event Management (SIEM) systems to perform their duties.
What could help?
Hospitals need a cyber solution to help them understand normal behaviors without having to be a cyber expert. Solutions such as a next-generation SIEM remove the heavy dependency on highly skilled analysts or the need for manual investigations, saving time and preventing human error. Ideally, a SIEM will also provide out-of-the-box compliance reports, which can be used to fulfill audit and regulatory requirements, significantly reducing the burden of compliance monitoring.
4. The rise in telehealth options
As the entire world struggled to figure out how to go about normal life from the comfort of home in response to COVID-19, telehealth options saw a dramatic increase. Some projections anticipate sevenfold growth for this service by 2025, making it one of the fastest-growing areas of healthcare. Telemedicine calls for the integration of many networks and technology platforms, which means there is often no centralized source of security monitoring and analysis.
What could help?
With so many telehealth systems connecting with various networks throughout the hospital environment, it’s critical for a cyber solution to provide visibility across all of these touchpoints. Automation is the only truly feasible way to accomplish this. Deploying Security Orchestration, Automation and Response (SOAR) offers security analysts multiple tools to respond to incidents.
By applying best practices that address vulnerabilities in these four areas, healthcare organizations can mitigate risks that open the door to cyberattacks and support the security of patient information with greater confidence.
References
1. Konschak, C., Danaher, S. “Medjacking: A Life or Death Issue for Leaders in Connected Healthcare”. 2017-2018. https://www.divurgent.com/wp-content/uploads/2018/07/Medjacking-A-Life-or-Death-Issue-for-Leaders-in-Connected-Healthcare.pdf.
2. McKeon, J. “53% of Connected Medical Devices Contain Critical Vulnerabilities”. Last modified January 21, 2022. https://healthitsecurity.com/news/53-of-connected-medical-devices-contain-critical-vulnerabilities.
3. Healthcare & Public Health Sector Coordinating Councils. “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients”. Last modified December 27, 2018. https://www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf.