The Crippling Impact of Cyberattacks in Healthcare: How Can Organisations Boost Resilience


Since the onset of Covid-19, the global healthcare sector has faced significant instability. And as organisations struggle to meet soaring service demands, the current economic crisis only amplifies the problem. Organisations across the globe are facing tremendous pressure to improve efficiency, while also reducing operational costs. However, the growing threat of cyberattacks in the healthcare industry is constantly diminishing such efforts.

Healthcare is already one of the most targeted industries in the world. Since 2018, organisations have suffered more than 500 publicly confirmed ransomware attacks that have crippled over 13,000 healthcare facilities and compromised over 49 million patient records. The cost of downtime alone from these attacks is projected to be $92 billion.

Beyond the financial consequences, such attacks also pose a risk to critical patient care. The recent ransomware attacks on two French hospitals are key examples, forcing the shutdown of critical services and relocation of patients.

So, with cyberattacks on critical healthcare services threatening to significantly disrupt the harmony of a society and nation, how can the healthcare sector reduce risk and build cyber resilience?

Adopting an assume breach mindset

In the current era of persistent threats, the traditional approach of trying to prevent attacks is no longer sustainable. Rapid digital transformation, cloud migration, and extended hyperconnectivity within healthcare environments have expanded the attack surface. Healthcare professionals need access to real-time patient information from any location, making security infrastructure more complex to manage.

Instead, organisations must adopt an “assume breach” mentality and plan for an attack. This means proactively hunting for cyberattacks and building a healthcare cyber resilience model based on risk. Organisations need to understand the interdependencies between their applications and medical systems and put in place policies to protect the most critical services.

Recent Illumio research revealed 52 percent of organisations are already operating with this mentality. However, in order to effectively put “assume breach” into action, organisations need to implement a Zero Trust strategy – an approach rooted in the continuous validation and authentication of users before granting them access to any particular application or data.

Although 99 percent of organisations recognise the importance of Zero Trust, only 36 percent have actually implemented the strategy. Greater progress needs to be made if organisations are to stand a chance against sophisticated attacks like ransomware.

How does a ransomware attack unfold on healthcare networks?

Ransomware attacks are one of the most imminent threats to a critical industry like healthcare. Cybercriminals use the patient’s life-and-death stakes to exert more pressure on the organisations to meet their ransom demands.

To protect against ransomware, organisations need to first understand how attacks unfold. Most attacks begin with an initial point of compromise. Attackers gain access to a network through leaked credentials, access privilege abuse, and exploitation techniques (such as SQL injection). The attacker then moves laterally across different systems and applications until they reach their target.

Healthcare is no exception; attackers can gain access to any user account or third-party device connected to the healthcare network, before moving across the network until they reach their goal.

If they reach their target, attackers could encrypt or steal patient data, prevent access to management systems, or even cripple life-preserving equipment.

The only way to stop ransomware is to prevent attackers from moving laterally by isolating and containing the attack at the initial point of entry. This is why many organisations are now turning towards Zero Trust Segmentation (ZTS) as the answer.

How can Zero Trust Segmentation (ZTS) help healthcare? 

ZTS protects functions and departments by applying least privilege access controls to how applications and medical devices communicate.

In simpler terms, you can imagine ZTS as a hotel. The main entrance of a hotel is its perimeter, and if someone enters through this perimeter, they can only access the lobby – not the rooms. Each individual room has its own unique key with unique guest policies. For example, if a guest checks out at 12:00 pm, they can’t access the room again at 12:30 pm. They will need to go to the front desk, get re-verified and obtain the key from the admin to gain access again.

ZTS functions in the same way. It divides departments, medical systems, applications, and data centres into distinct segments. This way, when attackers breach the perimeter and gain access to a specific system, they are contained within that particular network segment and cannot move.

ZTS is based on the “never trust, always verify” principle of Zero Trust and is the only reliable and effective solution to stopping ransomware attacks. In fact, tests by cybersecurity institute Bishop Fox reveal that ZTS can detect and stop ongoing ransomware attacks four times faster than detection and response alone.

Building a robust and resilient security infrastructure

The path to cyber resilience starts with Zero Trust. Healthcare organisations must set policies against cyberattacks to ensure that the network continuously verifies, authenticates, and authorises all users requesting access, whether inside or outside the network.

The first step is assessing your risk landscape to identify which resources and network connection pathways are most vulnerable. This will allow you to prioritise high-value assets and resources to determine where best to implement security controls to minimise unnecessary access.

From there, start implementing Zero Trust Segmentation. Identify critical systems and apply controls based on least privilege. This will restrict the communication methods used by ransomware, reducing the impact of any attack.

Always work from the inside out and think long-term when implementing these solutions. Once you have established the Zero Trust policies and enforced the security controls around your most vulnerable pathways, you can expand outwards and look at the additional pathways into your network. Doing so will help build your resilience to cyberattacks, while also supporting digital transformation.
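The steps above (map the pathways, then apply least-privilege controls) can be checked against a draft policy before it is enforced. The following is an added example, not code from the article or from any vendor product: it models a default-deny segment allowlist and computes which workloads a compromised entry point could reach on a flat network versus a segmented one. All workload names, segments, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: workload -> segment (all names hypothetical).
SEGMENT = {
    "guest-wifi-tablet": "guest",
    "nurse-workstation": "clinical",
    "ehr-app": "ehr",
    "ehr-db": "ehr-data",
    "infusion-pump-gw": "medical-devices",
    "pacs-imaging": "imaging",
    "billing-app": "finance",
}

# Default-deny allowlist: (source segment, destination segment, port).
# Anything not listed here is blocked.
ALLOW = {
    ("clinical", "ehr", 443),
    ("ehr", "ehr-data", 5432),
    ("clinical", "imaging", 443),
    ("medical-devices", "ehr", 443),
}

def flow_allowed(src, dst, port):
    """Least-privilege check for one concrete flow between two workloads."""
    return (SEGMENT[src], SEGMENT[dst], port) in ALLOW

def flat_allowed(src, dst):
    """Flat network: every workload can talk to every other workload."""
    return src != dst

def segmented_allowed(src, dst):
    """Segmented network: reachable only if some allowlist rule covers the pair."""
    return any((s, d) == (SEGMENT[src], SEGMENT[dst]) for s, d, _ in ALLOW)

def blast_radius(entry, allowed):
    """Upper bound on lateral movement: workloads reachable from a compromised
    entry point by following allowed flows hop by hop (breadth-first search)."""
    seen, queue = {entry}, deque([entry])
    while queue:
        cur = queue.popleft()
        for nxt in SEGMENT:
            if nxt not in seen and allowed(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {entry}

if __name__ == "__main__":
    for entry in SEGMENT:
        flat = len(blast_radius(entry, flat_allowed))
        seg = sorted(blast_radius(entry, segmented_allowed))
        print(f"{entry}: flat={flat} reachable, segmented={seg}")
```

The multi-hop result for the clinical workstation shows why transitive paths need review: the database is not directly allowed from it, yet it sits one hop behind an application that is.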

Looking forward

The healthcare industry has suffered monumental challenges in the past few years and unfortunately, 2023 is not poised to be any better.

With the stakes high, healthcare will remain a top target for cyberattacks from criminals who will seek to cause maximum disruption. The proliferation of connected devices and open Wi-Fi connections within healthcare environments could enable attackers to launch new and more targeted attacks on individuals through the compromise of health technology like monitoring equipment or pacemakers. So, organisations must take proactive steps to build resilience now or risk severe consequences.

It’s critical that healthcare organisations shift from a “find and fix” mindset to one of “limit and contain,” to ensure patient care is not compromised in the face of increasingly sophisticated attacks. Zero Trust must become the default strategy for cybersecurity, because only by assuming breach can organisations truly safeguard critical operations. And in a sector like healthcare where availability can mean the difference between life and death, cyber resilience is paramount.

By Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio