The last few years have seen a dangerous upswing in cyberattacks in the global healthcare community. Now, just a few months into 2024, it’s already clear this trend is set to continue.
In the latest of a string of high-profile attacks on the healthcare sector, last month more than 100 facilities in Romania were hit by a major ransomware outbreak believed to have originated from a third-party software provider. The attack left hospitals unable to access critical files or use online services, causing widespread disruptions in patient care.
Additionally, the US Department of Health and Human Services reports there were over 630 ransomware incidents impacting healthcare last year, with 460 of them involving US-based operations. Other reports record at least 141 hospitals being directly hit by attacks.
It’s evident that in the face of increasing cyber threats, the urgency for more robust cybersecurity measures (especially within critical sectors like healthcare) has never been greater. And the stakes have never been higher! As cyber threats intensify and persist, and healthcare organisations look to shore up cyber resilience while making the most of limited resources, here’s where a more proactive approach to cybersecurity can help.
How healthcare cyber risks are stacking up
The attraction for attackers targeting healthcare is clear. Healthcare organisations, laden with sensitive patient information and critical operational systems, present a high-value target for cybercriminals and other bad actors. As a result, the sector is paying a higher price than most when it comes to ransomware, with the average cost of a breach standing at $10.1m last year (compared to an average of $4.35m in other industries).
Furthermore, ransomware has become one of the most prominent attack patterns for criminal gangs looking to exploit and disrupt, leveraging patient care and human lives as pressure on healthcare organisations to give in to their growing demands. When successful attacks occur, organisations risk much more than just financial losses. They also risk operational shutdowns and, most critically, endangering patient lives.
Along with posing a target-rich environment for bad actors to exploit, healthcare organisations are also regularly grappling with a mix of interconnected medical devices, sprawling IT, and a mixed bag of legacy and modernised infrastructure. Further, the need for constant uptime to provide patient care means facilities cannot easily afford downtime for maintenance and updates. Economic pressures and budget constraints provide further limitations.
With so many potential attack vectors to account for and limited resources to call on, it’s all but impossible for providers to prevent every possible attack. This is why an ‘assume breach’ mindset, or a more proactive approach to cybersecurity, is quickly emerging as a preferred approach to fuel greater cyber resilience.
Shifting towards assume breach
‘Assume breach’ has become a mainstay in the security industry and is a foundational building block for organisations progressing towards more mature security strategies. There are so many ways for attackers to gain access to the network, datacenters, or sensitive workloads today. In fact, it’s safer and more effective to map out your cybersecurity strategy around the assumption that they’re already in your environments.
This isn’t a case of giving up – it’s about preparing for the worst-case scenario and shoring up defences accordingly. This requires a shift in focus from preventing bad actors from gaining access, to locking down and preventing their ability to move laterally across environments once inside. It’s an approach that requires taking on the mindset of an adversary, seeing things from their perspective and working out what your most valuable targets and assets are. Then, prioritising securing those first.
One of the most effective ways to put this ethos into practice is with a technology known as Zero Trust Segmentation (ZTS). This approach has its foundations in the Zero Trust concept of never trust, always verify. Unlike previous approaches where entities are trusted simply by having the right credentials, Zero Trust requires that anyone accessing the network takes extra and continuous steps to verify themselves.
ZTS is the ultimate expression of the Zero Trust strategy, setting granular policy that gives organisations full visibility into connections and communications across hybrid environments, while also flagging and automatically shutting down any unauthorised access.
You could compare the result to the physical security of a hospital building. The most important and critical areas are protected by more levels of security, including human personnel and locked doors requiring ID. While someone may be able to enter certain parts of the hospital, it will be increasingly difficult for them to reach vital areas without being challenged and blocked.
Moving from prevention to containment
Transitioning from a prevention-centric strategy to a containment-led ‘assume breach’ mindset signifies a crucial step in security maturity. Recognising that attacks are inevitable, the emphasis now is on how best to minimise their impact.
Prompt attack containment is vital to preserve operational continuity and ensure uninterrupted patient care. By isolating attacks and preventing their spread within the network, ZTS enables healthcare organisations to quickly neutralise threats, safeguarding the integrity of systems and protecting the confidentiality of patient data. This proactive stance not only enhances the organisation’s cyber resilience but also aligns with regulatory and legal requirements, protecting against potential reputational harm.
Gaining end-to-end visibility and mapping the network’s communications is a critical initial step: it allows organisations to understand and pinpoint potential vulnerabilities, cyber threats, and attack paths to high-value healthcare assets. This knowledge can then inform strict access controls based on the principle of least privilege, ensuring that users and devices have only the access necessary to fulfil their roles.
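To make the two steps above concrete (map observed communications, then enforce a least-privilege allow-list that flags everything else), here is an added illustrative example; it is not code from the article or from Illumio, and the workload names, role labels, ports and sample flows are all constructed.

```python
"""Toy label-based segmentation policy check (constructed example, not a product's code)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str   # source workload name
    dst: str   # destination workload name
    port: int  # destination TCP port


# Constructed inventory: workload -> role label. Unknown hosts get "unlabelled".
LABELS = {
    "ws-radiology-01": "imaging-workstation",
    "pacs-01": "pacs-server",
    "ehr-app-01": "ehr-app",
    "ehr-db-01": "ehr-database",
}

# Constructed allow-list keyed on role labels, not IPs: (src_role, dst_role, port).
# Anything not listed is denied by default (least privilege).
ALLOW_RULES = {
    ("imaging-workstation", "pacs-server", 104),  # DICOM image transfer
    ("ehr-app", "ehr-database", 5432),            # app tier to database only
}


def role(workload: str) -> str:
    return LABELS.get(workload, "unlabelled")


def communication_map(flows):
    """Visibility step: which role pairs actually talk, and on which ports."""
    seen = defaultdict(set)
    for f in flows:
        seen[(role(f.src), role(f.dst))].add(f.port)
    return dict(seen)


def is_allowed(flow: Flow) -> bool:
    return (role(flow.src), role(flow.dst), flow.port) in ALLOW_RULES


def evaluate(flows):
    """Enforcement step: split flows into allowed and denied; denied ones are alert candidates."""
    allowed, denied = [], []
    for f in flows:
        (allowed if is_allowed(f) else denied).append(f)
    return allowed, denied


# Constructed sample of observed flows: two expected paths plus three that a
# default-deny policy should block and surface for investigation.
SAMPLE_FLOWS = [
    Flow("ws-radiology-01", "pacs-01", 104),
    Flow("ehr-app-01", "ehr-db-01", 5432),
    Flow("ws-radiology-01", "ehr-db-01", 5432),  # workstation straight to the database
    Flow("ws-radiology-01", "ehr-app-01", 3389),  # RDP from a workstation to the app tier
    Flow("10.9.9.9", "ehr-db-01", 5432),          # host with no inventory label
]
```

Running `evaluate(SAMPLE_FLOWS)` allows the first two flows and denies the other three, which is the containment behaviour the text describes; `communication_map` gives the "who talks to whom" picture needed before writing the rules.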
Regular audits and updates of cybersecurity measures, particularly concerning the supply chain, are another essential step. As seen in the attack on the Romanian hospitals, supply chains can be a serious liability, with attackers exploiting various levels of system access to bypass key security controls.
As cyber threats loom large, a shift in healthcare strategies is essential. Beginning with an assume breach mindset and eventually moving towards Zero Trust (with ZTS at the root of your Zero Trust approach), healthcare providers must first and foremost prioritise shoring up critical assets to minimise the impact of breaches above all else.
This strategy, rooted in the principle of ‘never trust, always verify,’ will help healthcare organisations further fortify themselves against the inevitable cyber challenges ahead, ensuring the safety of both patient data and the continuity of care.
By Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio