Our bodies are our most critical infrastructure in the world. When we encounter a germ, we are vulnerable if our immune system cannot combat the threat. We’re breached where additional measures must be taken to not only reactively address and remediate the illness, but proactive measures as well to ensure it does not happen again.
This analogy parallels what we are currently seeing across the healthcare industry, where bad actors are infiltrating infrastructure like a germ and causing havoc that has widespread implications for the overall health of the industry, down to the patient care necessary for when we get sick. In fact, Gartner predicts that by 2025, 30% of critical infrastructure organizations will experience a security breach that can halt operations and impact physical systems.
Given the importance of our bodies and ourselves up against infrastructure that may not be able to heal us due to a cyber threat or attack, it is imperative we ensure healthcare infrastructure is as protected as possible as 5G networks, information technology (IT), operational technology (OT), and Internet of Things (IoT) domains converge to pose increasing challenges.
An increasingly challenging landscape
The healthcare industry is an extremely ripe target for cyber criminals. The sheer amount of patient data and personal identifiable information (PII) stored across IT platforms and connected devices presents an enticing opportunity for individuals or organizations seeking exploitation, particularly in cases where remediation is costly and the risks are high.In fact, for the 13th year in a row, healthcare data breaches remain the costliest at an average of $10.93 million, a 53.3% increase over the past three years, according to a report by IBM.
Beyond personal health data, attention also must be paid to vulnerabilities inherent in the plethora of connected medical devices and other IoT and OT systems. For example, today we see everything from HVAC systems to radiology units vulnerable to disruption. These inconveniences can immobilize an organization and the community it serves – appointments need to be canceled, procedures must be delayed, and other more potentially harmful measures as remediation takes place.
To combat challenges presented by rapid 5G adoption, proactive security measures are non-negotiable. Prioritizing Zero Trust is critical, particularly for healthcare organizations, where over half of publicly exposed development environments are misconfigured and vulnerable. Additionally, with insecure remote access ranking as the third leading exposure for these environments, ensuring full visibility of 5G traffic and implementing segmentation policies are vital to reduce attack surfaces and prevent unauthorized access.
For OT environments, next-generation software firewalls (SWFW) are critical in protecting infrastructure at points in an enterprise’s security ecosystem where hardware device installation is not feasible or recommended.
More breaches, dire consequences
Despite a pressing mandate to better secure the healthcare industry, headlines are rampant with news of breaches. A recent incident indicated the consequences that will continue to mount if security is not prioritized – the Green Ridge Behavioral Health, a Maryland-based practice, recently settled with the HHS Office for Civil Rights (OCR), which enforces HIPAA. The regulatory body found Green Ridge Behavioral Health did not have fundamental security measures in place, including a lack of analytics, monitoring, and security tools to reduce risk. As a result, the healthcare organization must pay $40,000 and will be monitored by OCR for three years to ensure the violations have been addressed and proper measures integrated.
We will continue to see similar intervention as more emphasis and spotlight is placed on safeguarding healthcare organizations where the speed of remediation can be life or death. Governmental initiatives such as the National Cybersecurity Strategy underscore this heightened scrutiny and viable threat landscape and serves as a larger call-to-action and collective commitment to protect the critical infrastructure we rely on so much.
Healthy security strategies ensure better outcomes
When a breach unfortunately occurs, recovery is primary. Whether it is malware, ransomware, or another method of attack, organizations must coordinate a response plan, communicate with customers and patients, and address legal and regulatory requirements. Of utmost importance outside of recovery efforts, healthcare organizations must prove they have a proactive cybersecurity framework and program in place to not fall victim to the same fate.
To enhance security practices and ensure reliability across the healthcare organizations we rely on so much, the time is now for healthcare organizations to audit existing strategies, processes, and tools. Across all industries, hindsight teaches us many lessons, yet the healthcare industry poses the highest threat to our bodies and ourselves when breached – our most important infrastructure – where foresight is an irrefutable survival tactic.
This assurance includes securing all connected devices. While the Internet of Things provides convenience, it can also cause chaos if assets aren’t known and secured. Compliance and adherence to industry regulations should be continually validated, ideally through automation to stay ahead. This also helps strapped security teams by cutting down on time needed to manually address, where attention can be focused elsewhere.
Ultimately, just like vitamin C can aid our immune systems and strengthen its defense, a successful security framework empowers security leaders and teams to better assess risks, manage assets, and detect anomalies to avoid the costly and complicated breaches we see across the healthcare industry. Our future health, based on the infrastructure that serves us, is dependent on what we put into it – and our current prescription indicates a need for a high dose of proactive security strategies.