By John Cardani-Trollinger, Senior Director, Solutions Marketing, Accedian
The pandemic starkly highlighted the flaws in the healthcare industry’s infrastructure. Hospitals and other medical facilities increasingly turned to connected medical devices and telehealth solutions to limit in-person contact while still providing sufficient care. However, an unfortunate side effect to these efforts is that they also come with increased cyber-attack risk – in an industry that was already highly vulnerable to such incidents. According to an IBM report, healthcare breaches cost $9.23 million per event in 2021, an increase of $2 million from the previous year.
Increasingly popular amongst threat actors, ransomware attacks have evolved to become more aggressive and diverse, requiring that huge ransoms be paid to regain access to medical records. As these records contain personally identifiable information (PII) about patient health status, the consequences of their exposure could result in reputational damage, significant penalties and legal action, leaving hospitals and other healthcare organizations little choice but to pay.
However, there are ways to mitigate these risks, and it starts with taking a closer look at your infrastructure.
Increased risks, greater pressure
According to a survey completed by IBM, the amount of medical data doubled on average, every 73 days, in 2020. This explosion in medical data has been fueled, in part, by the growth of IoT technologies. Due to their potential exposure due to cyber threats, healthcare organizations face growing pressure when balancing the increase in data and the risk of cyber attacks. Grand View Research estimates that by 2025, the worldwide IoT healthcare industry will be worth $534.3 billion – That is a lot of data that must be protected, with an uncomfortable amount of risk.
Exacerbating the data/risk challenge, healthcare organizations are also grappling with rising healthcare costs, a lack of skilled workers and a high administrative workload – and these factors have converged to place additional demands on the networks and applications that support crucial front-line workers. And that’s not all – increased patient populations, a remote workforce and expanded telemedicine capabilities, have further added to the burden on healthcare networks and IT systems.
The critical nature of healthcare data
In healthcare, data is crucial to patient care. Because of this, healthcare professionals must efficiently and securely access and manage that data. Given the numerous devices and applications linked to highly distributed healthcare organization (HCO) networks, this presents a significant challenge for IT teams as they attempt to manage the security of those networks. Critical IoT devices (like infusion pumps, connected respirators and pacemakers), picture archiving and communication systems, electronic health records, telemedicine channels, on-site pharmacies and many other locations are just some of the places where data is constantly flowing.
In addition to securing data, healthcare organizations must also overcome challenges to the network infrastructure itself. Over the past few years, modern healthcare has undergone a seismic digital transition. This has left patient lives, HCO reputations and financial health vulnerable not only to the aforementioned cyber-threats, but also at the mercy of network and application performance. In the past four years, technical problems have caused serious interruption for 63% of healthcare providers, according to Gartner’s 2020 CIO Agenda: A Healthcare Providers’ Perspective report. These network interruptions could spell disaster for both providers and their patients as the data being shared could determine the difference between life and death.
It’s essential that HCOs have the capability to swiftly resolve issues with their infrastructures before they become more serious. Ultimately, by maximizing productivity, HCOs and the managed security service providers they partner with can enhance patient care and reduce financial and reputational risk.
New tools for digital healthcare
If networks don’t have clear and comprehensive visibility into their perimeter – where most data breaches occur – they will remain vulnerable to advanced malware. But perimeter security alone isn’t enough when it comes to protection from attacks that evade perimeter security solutions. An HCO needs network monitoring solutions that offer end-to-end visibility throughout the entire distributed network, from on-premises to the cloud, in order to reduce cybersecurity risk and quickly identify suspicious traffic.
This visibility needs to be real-time, as well, and include diverse data sources. Proactive monitoring of detailed network data will provide early warnings based on traffic behavior around emerging problems and direct specific remedial actions.
To accomplish this outcome, organizations need to:
- Create a network monitoring strategy: A well-conceived network monitoring strategy will give healthcare organizations full-stack observability with monitoring, analytics and assurance of their networks, applications, infrastructures and services. These solutions can reduce downtime, boost IT productivity and shorten mean time to repair (MTTR.)
- Be aware of the devices and apps connected to the systems: HCOs must know not only what devices are connected, but how much power and bandwidth they consume. Additionally, their IT system should be able to connect via APIs to network and security operations centers. With these capabilities in place, HCOs will be able to minimize blind spots and use smaller sensors to produce effective diagnostics without affecting the performance of the network.
- Deploy a network detection and response solution: With the broad network of IoT devices in HCOs, perimeter security isn’t enough; it’s not capable of identifying and blocking potential Zero Day attacks. But with a network detection and response solution, you can identify the potential Zero Day attacks that evade perimeter security technology and endpoint detection and response (EDR) systems.
Network monitoring tools need a dashboard that offers a unified view of all digital assets, including applications, devices and networks. And all of these systems should be easy to manage from a single pane of glass, with analytic and intrusion detection capabilities that can combat ransomware, data theft and other critical cyber threats.
Infrastructure as a defensive weapon
As the pandemic escalated, so did healthcare workload and cybersecurity risk. IT teams scrambled to provide remote capabilities, expanding the threat landscape of health providers at the same time. Because health data is so valuable, it’s a prime target for hackers and must be protected to the highest degree. A strong security network performance framework will empower security teams with the real-time visibility they need to defend against today’s sophisticated and non-stop attacks.
John Cardani-Trollinger is Sr. Director, Cybersecurity Solutions Marketing for Accedian. He has more than 20 years in the Cyber Industry working in various capacities such as Cyber Training, Product Management and Product Marketing, with global companies such as Cisco, HP/3Com and Palo Alto.
John is a cyber security evangelist who believes very strongly in cyber security as a means of protecting our way of life.
Healthcare Business Today is a leading online publication that covers the business of healthcare. Our stories are written from those who are entrenched in this field and helping to shape the future of this industry. Healthcare Business Today offers readers access to fresh developments in health, medicine, science, and technology as well as the latest in patient news, with an emphasis on how these developments affect our lives.