How healthcare organisations can face the cybersecurity challenge of COVID-19

The healthcare industry has always been an attractive target for cybercriminals due to the personal and sensitive nature of the information gathered and the critical nature of the systems that healthcare organisations rely on.

During the COVID-19 disruption, cyber attacks went up across the board and, again, the healthcare industry was in the crosshairs. In the first half of 2020, health service providers were the most targeted sector by criminal or malicious actors, with breaches in this sector accounting for 22% of all breaches.¹

Healthcare organisations are using an increasing number of connected devices, which is making the attack surface even wider for cybercriminals. From Internet of Things (IoT) and Internet of Medical Things (IoMT) devices to connected operational technology and traditional IT, healthcare organisations have a complex network landscape. Then there is the added complexity of guest devices that connect to the network, such as smartphones, tablets and smart watches brought in by hospital patients and visitors. Tracking and monitoring all of these devices presents a significant challenge.

As the number of patients a healthcare organisation treats increases, such as during a pandemic like COVID-19, the number of devices also rises. Especially when the organisation is moving fast to deal with health issues, it can be challenging to conduct the necessary security protocols to manage these devices effectively.

According to a recent Forescout Research Labs report, many healthcare delivery organisations suffer due to poorly segmented networks, a complex mix of personal and sensitive healthcare devices, and devices with default passwords still in place. All of this is increasing these organisations’ risk of cyber attack.²

Protecting healthcare organisations’ digital assets and services during this time of disruption is crucial to ensure that frontline medical staff can continue to provide excellent patient care, even if COVID-19 numbers start to rise again and put pressure on hospitals.

Device visibility is the number one issue that healthcare organisations need to address to meet the security challenge. With new network infrastructure, devices and endpoints being added, visibility is the only way to avoid being overwhelmed with vulnerabilities. Continuous device visibility and control, along with dynamic asset management, network access control and network segmentation, are all ways to improve healthcare organisations’ cybersecurity posture.

It’s also important to reinforce the importance of cybersecurity hygiene practices to prevent digital infections. This means using strong passwords, multifactor authentication and avoiding email links from unknown sources.

Security leaders should also ensure that all software is continuously updated and patched, as this can help prevent attacks on known vulnerabilities. This is a basic security precaution that many organisations overlook, but it can be the difference between a successful cyber attack or remaining protected. This includes making sure medical and other devices are up to date. It only takes one compromised device to create an entry point into the entire network, potentially affecting the entire organisation.

Ransomware targeting healthcare organisations specifically is also on the rise, so it’s important to ensure that systems and data are backed up safely and regularly. Recovering from a ransomware attack is much faster and more straightforward when organisations have a strong backup process in place.

Network segmentation is another valuable strategy to help protect healthcare organisations. By segmenting the network, for example, setting aside a separate part of the network for guest Wi-Fi access versus critical medical equipment access, organisations can limit the risk of an intrusion extending beyond the initial segment. This can help minimise the repercussions of an attack and keep the organisation safer overall.

Healthcare organisations face a threat landscape that’s moving quickly and developing attacks that target their specific vulnerabilities. Therefore, it’s essential to create policy-based controls that don’t require excessive manual intervention to keep the network secure. Automating the way devices are detected, monitored and managed can help reduce the risk they pose to the network. If an infected device does attempt to connect, these automated security protocols can safely contain them.

The rapid influx of new devices in healthcare organisations is critical to delivering improved patient outcomes and experiences. However, they also increase the attack surface and risk for healthcare organisations, especially in a period of disruption such as that caused by COVID-19. Therefore, it’s important for organisations to gain strong visibility and control over all devices without exception. Organisations should choose security tools that eliminate blind spots, automate detection and remediation, and let the IT team focus its resources on initiatives that improve patient wellbeing.

These strategies will remain relevant in the long term and should be put in place sooner rather than later to mitigate the risk posed by COVID-19.

References

1. https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-report-january-june-2020/
2. https://www.forescout.com/connected-medical-device-security-report/

Image credit: ©stock.adobe.com/au/Blue Planet Studio