Mar 22 2023

Healthcare Security: Minimizing the Impact of Economic Hardship

Provider organizations can still find ways to mature their security programs amid industry challenges.

The Cybersecurity and Infrastructure Security Agency recently placed healthcare among the critical infrastructure sectors that are “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

While health organizations continue to recover from revenue lost during the peak of the COVID-19 pandemic, they’re now also being hit with labor shortages and inflation that is impacting supply chain costs. To make matters worse, some predictions for this year warn that our current economic circumstances could lead to the most catastrophic attack against a healthcare organization to date.

According to recent reports, the number of ransomware attacks on U.S. healthcare organizations increased 94 percent from 2021 to 2022. Even with that acute spike, healthcare providers still spend only an average of 4 to 7 percent of their annual IT budgets on security.

So far, most cybersecurity budgets for 2023 aren’t being drastically impacted, but healthcare security leaders are being asked to delay some of their spending until later in the year. While it might be tempting to simply tread water under these circumstances, successful CISOs are finding ways to proactively develop their security programs.

Strive for Efficiency While Reducing Cybersecurity Risks

Whether it's in healthcare or another industry that’s feeling a budgeting pinch, security teams must look for ways to be more efficient as they simultaneously reduce risks. Resourceful CISOs don’t need to spend a ton of new money to do this.

One area for strategic investment would be improving visibility across the organization. Integrating tools and building more of a security ecosystem across the organization’s broader infrastructure can improve efficiency and effectiveness and increase the amount of automation that can be implemented.

Repetitive tasks and workflows can sometimes be replaced with a simple script or two. This frees up limited human staff resources for higher-value tasks, such as threat hunting. For example, Netskope features about 20 different automated workflows, which saves the organization the cost of three full-time workers.

Evaluate Your Exposure to Cybersecurity Threats and Vulnerabilities

Threats present a moving target; they continuously evolve and grow more sophisticated over time. But your exposure to attacks is also always changing, through business expansion, adoption of new digital tools and services, and the natural ebb and flow of users coming and going.

Security leaders must continuously assess risk exposure across their organization. They should look for ways to optimize their security programs to address the specific risks they identify. It’s important to ask whether there are any things that your security operations teams are currently doing daily that could be improved through basic tuning of processes and policies.

To properly assess risk exposure, security teams must take data from many different security products (such as solutions for cloud, endpoint and email security functions) and combine all of that information to provide a clear and complete picture of actual risk. You want to be able to tell whether a user’s cloud activity is problematic, whether their device security posture is at risk due to high contact with malware, and whether they have all the required controls installed on their endpoints. Are they prone to clicking on malicious links in emails?

It's much more efficient to review risk exposure by cross-analyzing data from all security tools deployed across the organization, perhaps through a continuous trust strategy.

Healthcare CISOs Are Doing More with Less

Today’s economic pressures will hopefully subside sooner rather than later. In the meantime, successful security leaders will take a strategic approach to keeping their essential healthcare organizations safe from outside attacks. Once you’ve optimized everything that you already have in place and evaluated where the problem areas for risk might be in the organization, you’re in a much stronger position to have even limited security budget dollars make an impact across the infrastructure.

Enhancing visibility, automating repetitive tasks, integrating tools and cross-comparing security data for more meaningful metrics are all areas where focused investment can help healthcare CISOs enhance their security ecosystems and repel the latest opportunistic threats — without major budgetary strain.
