Understand the current state of Healthcare Security and what must be done to improve it. 

Healthcare is an industry currently undergoing the most dramatic transformation in its history, facing unique challenges never seen before. Covid-19 ravaged hospital finances and forced providers to pivot from lucrative consults and elective surgeries to pandemic emergency care. This in turn led to the need for another (long overdue) pivot towards telehealth, telemedicine. and remote health services as patients were told to avoid hospitals. And of course, this all happened during an industry-wide move towards digital transformation, interoperability, a massive growth in the number of medical and other healthcare IoT devices, each bringing its own unique security challenges. 

Risk of Heightened Attacks

As if these transformational challenges were not enough, healthcare is also one of 16 US Critical Infrastructure Sectors under PPD-21, and therefore a potential target of nation-state cyber-warfare attacks against the United States. Given a long history of such attacks by the Russian GRU against other countries and a proclivity by the Kremlin to give carte blanch to Russian organized crime syndicates engaged in cybercrime, risks are high that an imminent attack could be launched against US healthcare.

A cyberattack against healthcare is not just an act of cyber extortion or cyber warfare, it risks the lives and safety of patients. When HIT and HIoT systems are not available because of cyberattack, patient morbidity and mortality rates increase, just as they did under the North Korean ‘Wannacry’ or Russian GRU ‘Not Petya’ attacks of 2017.

The State of Healthcare Defenses

In 2022, the ability of hospitals and other medical providers to withstand a devastating ransomware or other cyberattack has improved, but healthcare institutions are a long way from being impregnable. The industry lacks the tools and people resources necessary to mount a full defense. It is therefore vulnerable and in need of supplementary security services. Services that are perhaps best addressed by managed security services providers (MSSPs) and others with deep security domain expertise.

Clinical, technological and security resourcing across healthcare has been stretched to the limit exacerbated by clinicians leaving the industry en-masse. There is also a global shortage of cybersecurity professionals, a race in which healthcare has found it increasingly hard to compete for scarce resources. Finally there is an additional skills mismatch as re-skilling of staff has not kept up with the adoption and implementation of new technologies. 

Given the growing challenges of securing healthcare and keeping patients safe, Cylera’s Chief Security Strategist and International Healthcare Luminary, Richard Staynings, presided over a recent discussion, challenging four leading technology and security executives with these problems. Join Richard and his guests at the recent Denver Managed Security Services Forum and hear their thoughts in the video recording below: