Cyber Vulnerability is Healthcare’s Modern Malaise – ET CISO
A woman seeking emergency treatment for a life-threatening condition at Duesseldorf University Clinic in Germany became ransomware attacks’ first fatality last September, after the facility’s IT systems were crippled. The bad news for the sector is that this is unlikely to be the last fatality unless the malaise is treated quickly.
The healthcare industry makes for an easy target for malicious actors, given its relative nascency to cyber threats and the resultant. Healthcare accounted for nearly a quarter of the reported data breaches – the highest – accounting for over 29 million individual patient records stolen in 2020, in the US alone.
With the onset of the Covid-19 pandemic, there was a sudden surge in telemedicine adoption, remote working, and makeshift sites for virus testing and treatment, and underpreparedness, all contributing to new and gave a once-in-a-lifetime opportunity.
The urgency of the situation made healthcare providers sitting ducks, primed to pay up when hit by ransomware attacks. The stakes became even higher for pharma organisations involved in vaccine-related research, as nation-state-backed cybercriminals tried to steal vital information. Yet, even before the pandemic hit, healthcare was already a tantalizing target.
Healthcare industry is susceptible to attacks
Healthcare organizations are an attractive target for cybercriminals thanks to the high value of medical information. Personal health information is up to 50 times more valuable on the black market than financial information, fetching upwards of $60 per patient health record. Medical records often contain a complete identity which can be used to establish fake identities, open credit accounts, or be sold for insurance-fraud purposes.
If the high value of patient information is one side of the coin, the other is that the healthcare industry is a complex multiparty ecosystem consisting of caregivers, hospitals, insurance firms, pharma firms, medical equipment makers, and health apps. The high number of stakeholders increases the risk of patient data being misused or leaked, contributing to a trust deficiency. Besides, the healthcare biome itself is fast evolving into an expansive, interconnected, technology-powered ecosystem. Wearable medical devices, electronic health records, cloud-based data storage, and an ever-expanding mitosis of mobile health apps are transforming diagnosis, treatment, and monitoring.
What the doctor ordered
Understanding the evolving threat landscape is only the start of the battle for healthcare organizations and CISOs. The next step is taking a holistic view of cybersecurity – designing information technology, building systems, and clinical equipment as a single, unified process. A secure-by-design approach is recommended to offset the design limitations of medical devices and medical systems, which have poor security. Measures including continuous testing, authentication safeguards, and adherence to best programming practices all augment this approach.
By adopting cloud services for storage and processing of sensitive medical data, we can enable continuous security posture management (CSPM) that few on-premises systems can match. Accompanying best practices like perpetual monitoring with DevSecOps, complemented by complete response automation, can also be implemented with cloud.
The use of AI-based cybersecurity systems can assist healthcare system managers with proactive threat hunting and reducing false positive alerts by removing noise from data signals. They can monitor the healthcare industry security threats trending globally to understand the cyber environment and thereby identify potential threats and improve response time.
Adoption of zero trust architecture – shifting network defences toward a comprehensive IT security model that allows organizations to restrict access controls to networks, applications, and environment, without sacrificing performance and user experience – is highly recommended. With the rise in remote working, eliminating the old firewall approach and embedding security in every layer is already a cyber best practice. The use of Secure Access Service Edge (SASE), which refers to the delivery of security as a service from the cloud, can help secure enterprises in a ‘borderless’ environment. For example, while connecting from home or from any remote location to the headquarters, the traffic will go through the cloud, requiring the security and network service provider to enforce the necessary security policies.
Healthcare providers rely heavily on third-party vendors for multiple utilities. Identifying vendor risks and planning remediation with timeline tracking will address the dangers. Other best practices, like managed breach detection and response using behavior-based anomalies, and triggering automatic responses using Security Orchestration, Automation and Response (SOAR) playbooks when anomalies are detected, will help in quick recoveries.
The future of healthcare will involve plenty of devices and data sharing as innovations proliferate. This will introduce new risks, which makes a deliberate approach towards integrating cybersecurity and privacy by design imperative in the healthcare sector. Only this will ensure delivery on the promise of the future of health.
Vishal Salvi, Chief Information Security Officer & Head of, Infosys