Navigating the Surge of Cyberthreats in Healthcare

By Scott McKinnon, Chief Security Officer (CSO), UK&I at Palo Alto Networks.

  • 5 months ago Posted in

Malicious attacks on the healthcare industry have grown exponentially in recent years. A survey of cybersecurity managers in the UK health sector found that 81% of organisations in the UK had been hit by ransomware in the previous year. Healthcare, in particular, is a prime target for threat actors, given how valuable patient information can be for identity theft and blackmail. Many health systems still operate with legacy technologies, making it easier for cybercriminals to gain unauthorised access.

Healthcare is undergoing rapid modernisation. New technologies in the field can dramatically improve outcomes, while new care delivery models make the experience of receiving care much more pleasant for patients. And telemedicine, here, is a game-changer. It allows our already-stretched legions of doctors and nurses to “see,” diagnose and treat patients in a digital environment rather than forcing a patient to come into a physical office, clinic or emergency room. And while in-person care is obviously essential for many health issues, telemedicine is ideal for many other scenarios.

However, this also introduces a new level of risk that must be addressed: an ever-expanding attack surface in healthcare. Understanding the largest drivers of healthcare transformation today is key to securing digital transformation and providing the quality of care patients deserve. 

The emergence of telehealth 

Telehealth and remote patient monitoring are revolutionising the care delivery experience. Patients enjoy better access to care, especially those with disabilities or those who live in underserved communities. In 2022, NHS England’s experimental statistics showed that an average of 41.2% of appointments were by telephone, highlighting an increase in telemedicine.

While innovations, like remote care, optimise patient-centric care delivery, they also introduce new cybersecurity challenges. Remote care requires access to Emergency Medical Retrieval Service (EMRS), Protected health information (PHI), virtual visits and remote patient monitoring devices delivered from multiple channels: data centres, cloud providers and SaaS providers. Security teams must also manage the IT infrastructure and connectivity between hospitals and patients. Ultimately, this shift toward decentralised care delivery models expands the attack surface and makes securing the entire network much more painstaking.

The rise of connected devices

Connected medical and non-medical devices now make up a sizable portion of a hospital’s network. MRI machines, IV pumps, blood pressure monitors, laptops and security cameras, and even Heating, Ventilation, and Air Conditioning (HVAC) systems, just to name a few. Preventing data compromise and risks to patient safety requires securing these connected devices from end to end.

Complete visibility among the diversity of devices can be extremely challenging, especially among providers practising distributed-care delivery models. Devices are often connected to complex medical IT environments while located in medical centres, remote clinics and patient homes. This widens the endpoint sprawl, making every device a potential target for cybercriminals. To further complicate this problem, many IoT and IoMT devices are both critical to provider operations and highly insecure due to design for functionality and cost and not secure-by-design across the expected lifecycle.

The growing complexity of Healthcare IT systems 

Applications and services are now hosted in data centres and the cloud, or they’re delivered by SaaS providers, while clinicians deliver care from anywhere using an array of connected medical devices. Many of these run on antiquated operating systems and often cannot be patched or secured effectively. Security teams are tasked with managing these increasingly complex IT environments, which require significant technical resources.

Healthcare organisations often attempt to secure this digital landscape by tackling on point product solutions that provide a single security function. These products typically lack integration and cohesiveness, only adding to the complex challenge.

Making digital transformation secure for healthcare

Addressing the surge of cyberthreats in healthcare requires a multifaceted approach that combines technology, policy, and education so they don’t run on multiple disjointed products. A first step for healthcare organisations would be to invest in robust cybersecurity measures to protect patient data and critical infrastructure. This includes implementing advanced encryption protocols, multi-factor authentication, and network segmentation to limit the impact of potential breaches. Regular security audits and vulnerability assessments can also help identify and mitigate potential weaknesses in the system.

Secondly, collaboration and information sharing among healthcare providers, government agencies, and cybersecurity experts are essential for staying ahead of evolving threats. For example, NHS England’s Data Security and Protection (DSPT) Toolkit is a good starting point to help promote consistency and ensure security standards are met. However, these systems require continual development and potential expansion, as well as encouraged adoption by the public and private sectors. Equally, consolidating the cybersecurity arsenal into a unified platform eliminates the complexity of managing multiple tools and offers a holistic view that enhances operational efficiency and effectiveness. In addition, fostering a culture of cybersecurity awareness and training regularly among healthcare staff is crucial for mitigating human error, which remains a significant vulnerability in many organisations.

Finally, leveraging emerging technologies such as AI and machine learning capabilities securely can enhance threat detection and response capabilities. These technologies can analyse vast amounts of data in real-time to identify anomalous behaviour and proactively defend against cyberattacks. By taking a proactive and collaborative approach to cybersecurity, the healthcare sector can stay ahead of new and emerging threats, ensuring patient data and the integrity of their systems are protected in an increasingly digital world.

By Alasdair Anderson, VP of EMEA at Protegrity.
By Eric Herzog, Chief Marketing Officer, Infinidat.
By Shaun Farrow, Security Practice Lead at Bistech.
By Andre Schindler, GM EMEA and SVP Global Sales at NinjaOne.
By Darren Thomson, Field CTO EMEAI, Commvault.