The healthcare industry is having an increasingly challenging time when it comes to cybersecurity. The past several years have seen a relentless chain of increasingly damaging healthcare cyber incidents, as attackers take aim without remorse.

The industry has seen a staggering increase in cyberattacks in recent years, with ransomware alone up by 264% according to the U.S. Department of Health and Human Services (HHS). The big watershed moment came in the form of the Change Healthcare ransomware incident that caused massive disruptions on a national scale, with many U.S. healthcare providers unable to process payments, issue prescriptions, or provide care authorizations. This brazen crime also unfortunately inspired a significant uptick in attacks against the industry overall, as attackers looked to exploit vulnerable systems.

Varying Threat Landscapes Within Healthcare

Healthcare is a broad industry with multiple segments. It's important to note that different segments of the healthcare industry face varying threats and have different cybersecurity capabilities.

Hospitals and clinics often struggle with legacy systems and have a large attack surface due to the high number and variety of connected devices they use.

Pharmaceutical companies and research labs have to protect both IT and OT environments, which can be targeted for their valuable intellectual property as well as for operational impact, making them particularly attractive to nation-state actors.

Health insurance companies hold vast amounts of personal data, making them attractive targets for cybercriminals.

Logistics providers in the healthcare industry face significant cybersecurity risks due to their critical role in the healthcare supply chain and their access to sensitive data.

Medical device vendors and the products they produce are at risk from software vulnerabilities that may be difficult to patch and update.

Factors Influencing the Surge in Healthcare Cyber Threats

The Change Healthcare attack was in many respects a symptom of a much larger problem. The bigger issue can be attributed to several factors:

Valuable Data: Healthcare organizations possess a wealth of sensitive personal information that can be exploited for various malicious purposes, including identity theft and blackmail. Unlike basic financial data such as a credit card number, which can easily be replaced, medical information has a longer lifespan and greater value.

Critical Infrastructure: Many healthcare providers are considered part of critical infrastructure, making them targets for both cybercriminals and nation-state actors seeking to cause widespread disruption.

Digital Transformation: The ongoing shift to cloud and SaaS environments has created new vulnerabilities as organizations struggle to secure these modern technologies.

Legacy Systems: Many healthcare providers still rely on outdated systems that cannot be easily replaced or updated, creating security gaps. These legacy systems often lack modern security features and are challenging to integrate with newer security solutions.

Budget Constraints: Unlike tech companies, healthcare organizations often lack the financial resources to invest heavily in cybersecurity measures, leaving them more vulnerable to sophisticated attacks.

Specific Cloud Security Challenges in Healthcare

The healthcare industry overall faces several distinct challenges when it comes to cloud security.

  • Balancing Security and Usability. Medical devices and systems must prioritize functionality and ease of use, sometimes at the expense of robust security measures. For instance, implementing strict authentication processes on emergency room devices could potentially hinder rapid access during critical situations.
  • Skill Gap. There's a significant shortage of cybersecurity professionals in general, and an even greater shortage of those with healthcare-specific experience.
  • Regulatory Compliance. Healthcare organizations must adhere to strict regulations like HIPAA (the Health Insurance Portability and Accountability Act), adding another layer of complexity to security efforts.
  • Diverse Technology Landscape. Healthcare providers must secure a wide range of systems, including legacy on-premises infrastructure, both legacy and newer IoT devices, and cutting-edge cloud and SaaS applications, creating a vast and complex attack surface.
  • Supply Chain Vulnerabilities. Healthcare organizations often rely on numerous third-party vendors and devices, each potentially introducing new security risks. This complexity is amplified in cloud environments where data may flow through multiple third-party systems.

The Regulatory Challenge for Cloud Threat Detection and Incident Response

Healthcare is subject to many regulations that can serve to further create complexity and even confusion when it comes to cloud threat detection, investigation, and incident response. Among the key regulations in the U.S. is the Health Insurance Portability and Accountability Act of 1996, better known by the acronym HIPAA.

The HIPAA regulations mandate basic security requirements but don't offer detailed guidance on implementation. HIPAA does not mandate specific technologies for detection, incident response, or metrics to measure security effectiveness. This allows for variability in security maturity, and it can leave room for interpretation resulting in inconsistent security postures across organizations.

There is also a lot of complexity when it comes to breach notification timelines, which vary by jurisdiction. This can cause even more confusion for organizations. Adding further insult to injury, vendors that supply healthcare IT systems are not necessarily directly regulated, yet organizations depend on those vendors' security. This can introduce supply chain risks that compliance does not address.

An overall lack of regulatory consequences for unaddressed vulnerabilities may also reduce incentives for healthcare entities to prioritize cloud threat detection and incident response capabilities.

How to Combat Modern Cybersecurity Threats in Healthcare

Given the complexity of threats and operational challenges that healthcare organizations face, there is a clear need to have a sophisticated set of capabilities to help mitigate risk—particularly as it relates to cloud environments.

To effectively combat the growing cloud threats in healthcare, organizations must adopt a multi-faceted, proactive approach, key areas of which include:

Visibility. It is critical to ensure panoramic visibility of cloud and SaaS environments. That includes identifying, pulling, processing and storing cloud and SaaS telemetry to support proper detection, investigation and response. Simply put, you can’t detect what you can’t see, and a higher level of readiness is essential.

Training. Investing in training to bridge the cybersecurity skills gap, particularly in cloud security, is essential.

Threat detection. Implementing advanced threat detection techniques, such as behavioral analytics and AI-powered solutions is essential.

Threat hunting. Proactive threat hunting with advanced techniques actively searches for hidden threats within healthcare IT systems before they can cause damage.

Incident response planning. Developing and regularly testing incident response plans ensures the organization is prepared for when cyberattacks strike.

These actions are crucial for identifying sophisticated attacks in cloud and SaaS environments and addressing vulnerabilities before they can be exploited.
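The visibility, threat detection and threat hunting points above all come down to the same mechanism: collect SaaS audit telemetry, build a per-user baseline of what normal looks like, and flag deviations. The following Python is an added example, not Mitiga's code or any product's logic, showing that mechanism over a constructed JSON-lines audit log. The field names (ts, user, action, records, src_country), the cutoff date that separates the baseline window from the detection window, and the 10x bulk-export factor are all assumptions chosen for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample of SaaS audit-log events (one JSON object per line).
# These are made-up records for illustration, not telemetry from any real tenant.
SAMPLE_LOG = """
{"ts": "2025-05-01T09:12:00Z", "user": "alice", "action": "export", "records": 150, "src_country": "US"}
{"ts": "2025-05-02T10:03:00Z", "user": "alice", "action": "export", "records": 200, "src_country": "US"}
{"ts": "2025-05-03T11:40:00Z", "user": "alice", "action": "export", "records": 180, "src_country": "US"}
{"ts": "2025-05-02T08:15:00Z", "user": "bob", "action": "export", "records": 50, "src_country": "US"}
{"ts": "2025-05-05T08:20:00Z", "user": "bob", "action": "export", "records": 40, "src_country": "US"}
{"ts": "2025-05-09T02:30:00Z", "user": "alice", "action": "export", "records": 25000, "src_country": "US"}
{"ts": "2025-05-09T14:05:00Z", "user": "bob", "action": "export", "records": 45, "src_country": "XX"}
{"ts": "2025-05-09T15:00:00Z", "user": "alice", "action": "view", "records": 1, "src_country": "US"}
"""

# Assumed tuning: events before the cutoff define "normal"; an export at least
# BULK_FACTOR times the user's baseline average is treated as a bulk export.
BASELINE_CUTOFF = datetime(2025, 5, 8)
BULK_FACTOR = 10


def parse_events(text):
    """Parse JSON-lines telemetry into dicts with a datetime timestamp."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def build_baseline(events, cutoff=BASELINE_CUTOFF):
    """Per user: average export size and set of source countries seen before the cutoff."""
    sizes = defaultdict(list)
    countries = defaultdict(set)
    for ev in events:
        if ev["ts"] >= cutoff:
            continue
        countries[ev["user"]].add(ev["src_country"])
        if ev["action"] == "export":
            sizes[ev["user"]].append(ev["records"])
    return {
        user: {
            "avg_export": sum(sizes[user]) / len(sizes[user]) if sizes[user] else 0.0,
            "countries": countries[user],
        }
        for user in set(sizes) | set(countries)
    }


def detect(events, baseline, cutoff=BASELINE_CUTOFF):
    """Apply two behavioral rules to events at or after the cutoff and return alerts."""
    alerts = []
    for ev in events:
        if ev["ts"] < cutoff:
            continue
        profile = baseline.get(ev["user"])
        if profile is None:
            # No history at all: worth a look, but cannot be compared to a baseline.
            alerts.append({"rule": "unknown_user", "user": ev["user"], "ts": ev["ts"],
                           "detail": "no baseline activity for this user"})
            continue
        if ev["src_country"] not in profile["countries"]:
            alerts.append({"rule": "new_location", "user": ev["user"], "ts": ev["ts"],
                           "detail": f"source country {ev['src_country']} never seen in baseline"})
        if (ev["action"] == "export" and profile["avg_export"] > 0
                and ev["records"] >= BULK_FACTOR * profile["avg_export"]):
            alerts.append({"rule": "bulk_export", "user": ev["user"], "ts": ev["ts"],
                           "detail": f"{ev['records']} records vs baseline avg {profile['avg_export']:.0f}"})
    return alerts


def run(text=SAMPLE_LOG):
    """Parse, baseline and detect in one call; returns the list of alerts."""
    events = parse_events(text)
    return detect(events, build_baseline(events))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed sample the run produces two alerts: a bulk_export for alice (25000 records against a baseline average of about 177) and a new_location for bob (first activity from country XX). The "view" event from alice raises nothing, which is the point of baselining: the same telemetry that makes the large export visible also keeps ordinary activity quiet. In a real deployment the baseline would be rebuilt on a rolling window and the thresholds tuned per tenant.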

The challenges that arise in securing healthcare in the cloud are significant; however, by implementing these approaches and staying vigilant, healthcare organizations can better protect their critical infrastructure, sensitive patient data, and ultimately, the continuity and quality of patient care.

Last updated: May 14, 2025
