How Zero Trust Can Help Healthcare Organisations Become Resilient to Ransomware

How Zero Trust Can Help Healthcare Organisations Become Resilient to RansomwareImage | Free Stock photos by Vecteezy

Healthcare’s move to industry 4.0 and the continued shift towards more integrated patient delivery systems have resulted in the convergence of information technology (IT) with operational technology (OT) systems. Whilst the proximity between the two now affords improved connectivity and more efficient patient experiences, it also increases the attack surface for threat actors looking to exploit critical healthcare systems.

Last year, the National Cyber Security Centre (NCSC) revealed it had managed an unprecedented 777 cybersecurity incidents (up from 723 the previous year), with around 20 percent of cyber occurrences being linked to the health sector and vaccines. Additionally, it was reported that in 2021, 81 percent of UK healthcare organizations suffered a ransomware attack.

Clearly, something must be done. It is paramount that healthcare organisations act now to implement an overdue cybersecurity strategy that not only contains ransomware and other threats by default, but simultaneously allows for the continued availability of life-saving medical services – especially as the pandemic continues. One way that healthcare organisations can accomplish both objectives in tandem is with a more resilient, Zero Trust approach to cybersecurity.

A Zero Trust security model — which assumes that all interior network traffic cannot be trusted without authorisation, and only allows verified entities access to critical networks, systems, and data — allows security teams to better manage risk and reduce attack potential, bolstering organisational resilience and patient security in the process.

Why healthcare is a tempting target

Cyber criminals are realising that they can increase profitability by disrupting and extrapolating data. Unlike with a bank or retailer, where the target is customer information, attacks on logistics processes within industries like healthcare have immediate real-world impacts. Even worse, cyber criminals are acutely aware that their ransom demands are more likely to be met if — in the case of a hospital, for instance – getting lifesaving medical systems back up and running is what’s at stake.

Moreover, a historical lack of investment in security from overstretched healthcare organisations, alongside heightened vulnerability brought on by the Covid-19 pandemic, has led to a wide and complex IT landscape for threat actors to exploit.

All it takes is one successful phishing attempt against a remote employee, or one wrong click from a nurse practitioner to grant threat actors access into a healthcare provider’s environment. Once inside, an attacker can move laterally in their quest to find critical data, hold protected health information (PHI) hostage, or infect healthcare machines (think OT) using open and unprotected ports and protocols.

Of course, detecting an attack at this point is too late – the damage has already been done. So how can healthcare organisations change their cybersecurity approach moving forward?

A necessary shift in mindset

Successful ransomware attacks will continue for as long as organisations, healthcare included, continue to rely and invest solely on prevention-at-the-perimeter approaches — that is, focusing exclusively on keeping threats out of their organisation. The reality is that breaches today are inevitable — they’re bound to occur, regardless of enterprise or industry. And with healthcare being such a large, visible industry, we know the sector will continue to be an attractive target for adversaries.

Instead of deploying all security resources at the perimeter (think firewalls, endpoint solutions, etc.), healthcare organisations are better off putting proactive security measures in place too, like Zero Trust. This will help make your organisation more resilient to attacks, even once they’re inside your systems – that way, a minor breach doesn’t become a life-threatening situation.

Begin today for a healthier tomorrow

Achieving a Zero Trust security posture might seem daunting at first, but it doesn’t have to be. The good news is that there are incremental steps any healthcare organisation can take to strengthen their security posture immediately.

First, focus on gaining comprehensive visibility into communications and connections across your IT environment. To discern which pathways and infrastructure are most high-risk, you must holistically assess your organisation’s risk landscape.

From here, determine what you need to safeguard first. Identify where to implement security controls to minimize unnecessary access and movement around your most high-value assets. Then, focus on deploying the right solutions for your business. For example, by employing Zero Trust tools like micro-segmentation, healthcare organisations are ensuring assets can only interact and communicate with the data they need. What’s more, micro-segmentation can help organisations ensure that even in the event of a breach, their most critical assets remain unscathed – containing ransomware to the initial point of impact. Micro-segmentation and other Zero Trust tools, like multi-factor authentication (MFA) and single sign-on (SSO), are safeguards every healthcare organisation can put in place to ensure proactive protection from the get-go.

Finally, work from the inside-out and think long-term. Once you have secured the most critical assets by building Zero Trust policies around the most vulnerable pathways, you can expand outwards — achieving more complete control of your environment with every additional pathway you secure.

All the while, it is important to remember that when implementing Zero Trust, an organisation needs to strike the balance between limiting risk exposure whilst allowing for growth. The threat landscape will evolve organically as your organisation scales, so keep your Zero Trust strategy flexible, versatile, and capable of responding to today’s dynamic and evolving cyber threats.

Most importantly, don’t delay. It’s easy to wait until you have the perfect plan on paper to start implementing your Zero Trust strategy. But while you’re developing and refining your approach, attackers will keep attacking. To build resiliency now, focus on taking small steps forward. Incremental progress will make your organisation more resilient than it was yesterday, enabling you to maintain medical functions and continue servicing patients, even in the face of a breach.

By Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio