The growing reliance on technology in healthcare has made the sector a prime target for cyberattacks.
This requires healthcare organisations to have a security leader who can provide a focused, comprehensive approach to protecting sensitive information and systems.
Being a Chief Information Security Officer (CISO) in the healthcare industry has added pressure as cyberattacks threaten more than the bottom line, they threaten the ability to deliver critical services and treatment to patients.
This additional pressure means that the modern-day CISO needs to shift their cyber defence strategy from cybersecurity to “cyber resilience.”
Cybersecurity challenges in healthcare
Cybercriminals take advantage of the weaknesses in healthcare organisations’ digital networks to launch attacks.
The volume of sensitive patient data stored electronically poses a significant challenge to cybersecurity in the healthcare industry as these attackers aim to access confidential information which can have critical consequences on patient care and patient data records.
The healthcare sector, witnessing this rise in cyber threats, has highlighted the key challenges and financial implications that follow.
According to IBM’s Cost of Data Breach 2023 report, the average cost of a data breach in healthcare is around £8.63 million, which is more than double in any other industry.
Ransomware attacks persistently threaten healthcare organisations by targeting devices and applications.
If these attacks are successful, they can be critical to healthcare because of the sensitive nature of the data involved can risk patient safety and privacy.
Ransomware attacks can encrypt this information and disrupt medical services by impacting medical staff’s ability to access essential information to treat and look after patients effectively.
To combat this, healthcare CISOs must rely on cyber resilience for endpoint devices and security applications that can help identify breached systems and recover quickly, all while preventing the risk of reinfection.
Dealing with these incidents can cost millions of pounds in legal fees, with incident response and potential lawsuits.
The financial implications also extend to the cost of cancelling organised medical procedures and appointments such as surgeries and outpatient services.
In 2019 the NHS was attacked by cybercriminals which resulted in 19,000 appointments being cancelled.
The attack was the most expensive in NHS history, costing £20 million on cancelled appointments and £72 million on technology to recover data and improve security infrastructure
Security Issues
The healthcare sector runs multiple connected devices and digital technologies to enhance patient care and improve efficiency.
In the average hospital, there are dozens of connected devices per patient bed. Each device has a variety of different functions that are essential to patient care.
However, many of these devices are run on outdated software which lack the sufficient cybersecurity protections.
This vulnerability exposes these devices to a cyber-attack which can have serious implications for patient care and data security.
Damage to patient care is the inevitable consequence of a cyberattack, whether it be blocked access to medical records or the release of sensitive patient information, which can cause confusion and distress for patients due to their private information being leaked.
The threat of ransomware can extend beyond this as studies show cyberattacks can cause implications that lead to patient deaths.
In an attack in 2019 on Springhill Medical Center in Alabama caused disruptions that led to a newborns death according to a lawsuit filed against the hospital.
The key in a distributed working environment, such as a hospital or wider network, is for a healthcare CISO to have full visibility over the network.
Implementing systems such as resilient Zero Trust, for example, can detect suspicious activity on a specific device or application.
Once suspicious activity is detected, an alert will be sent to the CISO or a centralised IT team that can then isolate the specific device or application to freeze or shut it off, preventing a malicious actor from moving laterally across the network and causing more damage.
Strategic focus
A critical aspect of a CISO’s role is balancing the organisation’s business and security needs by communicating with key stakeholders to understand what systems are most at risk from a cyberattack.
Focusing on business continuity can minimise the impact in the event of an attack and increase the difficulty for attackers to compromise critical systems.
Implementing security frameworks like NIST 800-53 can help health organisations prioritise security initiatives by covering both physical and digital security aspects.
By doing this, it uses an approach that recognises the interconnected nature of modern cybercrime threats.
Many critical systems are interlinked, with digital and physical components relying on each other.
Attacks on one aspect of a system can impact another.
Compromising digital security can lead to unauthorised physical access but by protecting both aspects, it can mitigate the risk of an attack on the system. Healthcare CISOs having a strategic focus can minimise the effects of an attack.
This strategic focus should combine resilient technologies that enable the self-healing of devices, resilient Zero Trust to increase a CISOs visibility over the network, secure network access to bolster user authentication, as well as training to ensure staff are aware of the threats facing their organisation on a daily basis. Anyone or any endpoint can be a target.
Cyber resilience
With digital technology becoming an increased presence in healthcare, it is essential to balance the benefits of technology alongside the caution of cybersecurity measures in order for healthcare CISOs to keep their organisation protected.
Focusing on Cyber resilience instead of cybersecurity can not only aim to prevent cyberattacks, but to prepare when one happens.
Moving away from prioritising threat detection and prevention to encourage a more inclusive strategy that includes response and recovery can encourage a more holistic approach to protecting healthcare data systems.
Changing the response to cyber threats and business continuity can allow CISOs to go beyond preventing cyberattacks, and to focus on the organisations’ ability to adapt and respond to evolving threats.
