The Top 3 Cyberthreats Facing Healthcare Organizations Today

He recommends that healthcare organizations deploy a sophisticated email gateway solution augmented by DMARC capability to help authenticate and mitigate imposter-style attacks.

“Security awareness training should also be part of the security layer. Certain users, those who have a propensity to click or those who are more prone to attack, should have isolation technology deployed so that their email activity operates within a containerized environment,” Witt adds. “Healthcare increasingly is adopting cloud-based solutions, so a cloud access security broker should be deployed in those scenarios. Finally, information protection solutions that include data loss prevention capabilities should be strongly deployed by healthcare institutions.”

2. Ransomware Continues to Challenge Healthcare Organizations

“Unfortunately, healthcare organizations continue to be targeted as the No. 1 sector in the ransomware space,” says Tapan Mehta, a healthcare industry solutions leader at Palo Alto Networks.

He explains that these attacks are coming from individuals as well as nation-state actors who are after patient data. The average ransomware payment in cases worked by Palo Alto’s incident responders rose to $925,162 during the first five months of 2022.

“The largest ransom was close to $10 million, and those numbers continue to increase in terms of attack frequency and the probability of healthcare organizations being willing to pay the ransom,” says Mehta. “They can’t be in a situation where their systems are down. and patients aren’t getting the care they need.”

3. Increasing IT Complexity Creates More Attack Vectors

Healthcare organizations are deploying more biomedical and Internet of Medical Things devices, which increase IT complexity and create more attack vectors for bad actors to target. In addition, Mehta points out, many existing legacy devices have a long shelf life (10 to 15 years for some) but don’t receive frequent software updates.

“If you look at this year’s data, there’s been a 123 percent spike in IoT-related attacks,” he says. “They’re the perfect entry points for attackers to break into a healthcare system. That’s part of the reason healthcare should segregate devices on a separate network rather than the same, converged network.”

As healthcare moves further in its cloud journey, hybrid or multicloud environments also complicate the IT landscape. Remote work also has led to an expansion of the organization’s IT perimeter, and Mehta says that 300- to 400-bed hospitals may have up to 500 apps running in their environment, from the electronic health record and picture archiving and communication systems to billing and human resources-related workflows. All these apps and devices need to be maintained and secured.

Click the banner below to discover how MDR can support your security strategy.

“There’s an ongoing barrage of attacks because there are so many entry points with IoMT devices and legacy systems,” says Mehta.

He recommends that organizations take a holistic view of security rather than relying on several point-based solutions. A zero-trust approach can help organizations better protect their environments. For healthcare organizations, users could be employees at an acute or outpatient facility, in the hospital, at home, or anywhere. As they access their information, Mehta says, a zero-trust framework will verify that the user is who they say they are before granting access. It will also ensure they only have access to the apps and data the organizations want them to access based on their role and privileges. With a zero-trust approach, organizations also should ensure that the same policy and compliance is applied to all IT environments to protect patient data.

“The reason zero trust is critical is that the traditional perimeter of care has changed with telehealth and other services. That boundary has expanded tremendously. That’s been fundamental in motivating customers to have a broader strategic approach as it relates to a zero-trust network architecture,” says Mehta. “Secure access service edge has also become critical, because there are now a lot of outpatient and remote settings providing care. Healthcare organizations have more ancillary facilities, and they need to know how to make sure those sites can access patient records in a seamless and secure manner.”

Partnering with Experts Strengthens Healthcare Cybersecurity

While large healthcare organizations may have the internal resources to mitigate cyberthreats, many smaller, regional and rural healthcare organizations have trouble filling all their security gaps on their own, especially amid IT staff shortages. That’s why more hospitals are looking for partnerships with security experts that provide services such as managed detection and response.

“Partnering with organizations that can provide threat intel that shows precisely which parts of the enterprise are being attacked is important,” says Witt. “More specifically, research showing very attacked users or very attacked departments should be used to help healthcare organizations determine where to focus their security efforts.”

“It’s not ‘if’ but ‘when’ for healthcare organizations,” Mehta adds. “They will want to have a playbook in place should they be compromised. A security partnership is important to ensure healthcare organizations can pivot quickly.”

Keep this page bookmarked to keep up with all of HealthTech’s Cybersecurity Awareness Month coverage, including more on managed detection and response.