updated - September 18, 2021 Saturday EDT
Healthcare organizations are being buried under a deluge of ransomware attacks that exploit deep security shortcomings and leave them unable to provide patient care. Managing the threat of ransomware to healthcare requires implementing zero trust security principles with solutions built for modern distributed enterprises.
Ransomware has become a major problem and top-of-mind concern for many companies. A number of high-profile attacks have appeared in the news recently, and ransomware campaigns have targeted businesses of all sizes across multiple industries.
However, some industries are more targeted and more impacted by ransomware and cyber threats in general than others. Throughout the pandemic, the healthcare target has been a prime target for cybercriminals taking advantage of their increased importance to the pandemic response.
Within the last six months, nearly half of hospitals in the US (48%) have been forced to disconnect their networks due to either severe malware infections or the potential for a severe data breach. Data theft has become a core component of ransomware campaigns, making them even more damaging for healthcare providers who are responsible for protecting patient data under the Health Insurance Portability and Accessibility Act (HIPAA).
For hospitals, being forced to disconnect networks has a significant impact on their ability to provide patient care. In addition to limiting access to medical records, these attacks inhibit the use of Internet-connected medical devices such as scanners, patient monitors, and similar tools. Without access to these solutions, it is more difficult for healthcare providers to diagnose issues and provide care to patients.
Healthcare organizations are more targeted by ransomware attacks because they are considered "critical infrastructure." This means that victims are more likely to pay the ransom demand in order to quickly restore operations.
However, the high rate and impact of ransomware attacks on hospitals also point to underlying security issues. Some of the key cybersecurity challenges faced by healthcare organizations include:
Cybersecurity Talent Shortage: The cybersecurity industry is experiencing a significant skills gap with many more vacant positions available worldwide than there are qualified professionals to fill them. This makes it difficult for companies to attract and retain the talent that they need to protect themselves against cyber threats. With understaffed security teams, it is difficult for companies to effectively identify and defend against potential cyber threats.
Rise of the Medical Internet of Things (MIoT): Healthcare organizations are increasingly adopting Internet of Things (IoT) devices to provide more continual patient monitoring and care. However, IoT devices are notorious for their poor security, and including these devices in hospital networks without the proper security solutions in place makes it easier for cybercriminals to gain access to these networks and steal sensitive information.
Limited Network and Device Visibility: The growing complexity of healthcare networks makes it difficult for security teams to maintain an inventory of connected devices. In fact, 65% of healthcare organizations use manual methods for maintaining inventories. These approaches to device discovery leave hospitals blind to the devices deployed in their networks and increase the probability that systems are behind on updates and a threat to corporate security.
These are only some of the challenges that healthcare organizations face when trying to protect their networks against the rising ransomware threat. Overcoming these security challenges requires moving away from legacy security models and solutions.
Zero trust has become a buzzword and a common goal in security. The objective of a zero trust security strategy is to replace the inherent trust granted to devices and users inside the network with the acknowledgment that anything can be a threat to the business. This is accomplished by evaluating each access request on a case-by-case business where the decision to approve or reject it is based on role-based access controls and behavioral analytics.
Implementing zero trust is essential to minimizing the threat of ransomware to healthcare. By breaking healthcare networks down using micro-segmentation and limiting communication between devices and applications, it becomes possible to contain and isolate a potential ransomware infection or data breach without shutting down the entire network.
However, legacy security solutions are not the answer to implementing zero trust security in healthcare or any industry. These solutions are typically standalone devices deployed to protect the network perimeter, which provides no visibility into the cloud, remote sites, or remote workers. This single line of defense leaves enterprises vulnerable to attack and defenseless against an attacker that breaches their perimeter.
An effective zero trust strategy is one that is built with modern security solutions. Making the move to Secure Access Service Edge (SASE) provides healthcare security teams with the visibility, integration, and centralization that they need to protect increasingly distributed and complex IT infrastructure.
TOP 10 FRANCHISES OF 2021