Cybersecurity and Healthcare IoT Leaders Discuss Protecting Patient Data during Frost and Sullivan Growth Council Think Tank Meeting
Technological advancements in healthcare have driven innovation in cybersecurity to safeguard vulnerable patient information. Frost & Sullivan, during their cybersecurity Think Tank, “Protecting Patient Data: The Importance of Cybersecurity in Healthcare IoT,” brought together some of the leaders in healthcare IoT device security to discuss the impact of cyber threats on patient data security, as well as trends in cybersecurity and the future of healthcare.
Greg Caressi, Senior Vice President, and Dr Rishi Pathak, Global Research Director at Frost & Sullivan, moderated the session. Timur Ozekcin, CEO of Cylera, Gus Malezis, President & CEO at Imprivata, and Tapan Mehta, Global Leader of Healthcare & Pharma Life Sciences Strategy at Palo Alto Networks served as panelists.
The importance of security management in the world of healthcare has intensified with the rise of breaches across dated infrastructure. According to Frost & Sullivan’s research, more than 90% of US-based healthcare organizations have reported at least one security breach from 2019 to 2023. And many of these healthcare organizations still do not have the proper security measures to prevent future breaches.
Read on for a summary of the discussion and advice shared by the panel experts.
What Makes Healthcare so Vulnerable to Attack?
Budget cuts are negatively impacting cyber risk mitigation strategies
On average, healthcare organizations typically spend 5-6% of their budget on security. When compared to financial services or retail brands that spend upwards of 17-19% of their budget on security measures, it’s easy to see how healthcare has become the number one industry targeted by hackers.
Threats often come from third parties
Healthcare organizations must protect their infrastructure from internal breaches, but these are not the only attack vectors. Supply chain network compromises can also put thousands of patients’ information at risk.
Important healthcare information is shared across a growing number of devices
Staff and patients now access sensitive healthcare information using tablets and other hand-held devices, greatly expanding the attack surface area. The number of these connected devices is projected to grow by almost 200% over the next 5 to 7 years, at which point we will be sharing information on close to 1.3 billion devices.
Key learnings for healthcare organizations
Roll Back Admin Privileges and Assign User Roles Sparingly
Today, almost everyone is an admin or a super user. This means one device compromise can result in a lateral malware explosion. Training staff to be more cyber-aware and limiting admin roles that grant access to sensitive information is key to keeping patient information safe.
Deep Visibility into Network Devices is Critical
These networks are massive, made up of 10-to-15 million medical devices across US hospitals, and an average of 10-to-15 connected devices per patient bed. Organizations can create mammoth networks that make it hard to identify threats. Having a clear understanding of all of the devices on a network is vital for your risk mitigation plan, which includes alerting capabilities that show potentially anomalous or malicious high-risk devices and their individual threat posture. Once you have this visibility, you can strengthen your security strategy and improve your medical device management.
Outside risks are high, with 90% of healthcare providers at risk from third-party vendors. Those working on the frontlines of healthcare information security face daily threats. With hacker sophistication rising daily, healthcare delivery organizations must improve their medical device vulnerability management practices.
The faster you can identify your risks, the faster you can prevent an attack. Your hospital IT security team and clinical engineering staff must both know how to protect your medical devices from multiple attack vectors. If they can’t, your hospital is facing a potentially crippling attack that can risk compromising patient safety and cause irreparable harm to your hospital’s reputation and financial bottom line.