The healthcare industry should rethink cybersecurity with a secure access service edge approach. Two million patients were affected by the Shields Health Care Group cyberattack in New England, which targeted almost 60 healthcare facilities. Following the Shields attack, the next-largest breach disclosed occurred at North Broward Hospital District in Florida, when the data of approximately 1.4 million patients was impacted. Furthermore, the first known death from a cyberattack was reported after cybercriminals hit a hospital in Düsseldorf, Germany, with ransomware, in which hackers encrypt data and hold it hostage until the victim pays a ransom.
The most common attack was ransomware
In recent years, the healthcare industry has been under heavy attack and ranks as the sixth-most attacked industry. Ransomware attacks, at 38%, were the most common in the health sector in 2021. In addition to ransomware, business email compromise (BEC) attacks (25%) hit the healthcare industry fairly hard last year, and server access, credential harvesting, and misconfigurations also had an effect. Vulnerability exploitation was the top infection vector at healthcare organizations in 2021, followed by phishing at 29% and use of stolen credentials at 14%.
Meanwhile, the global healthcare cybersecurity market was valued at 12.6 billion dollars in 2021 and is expected to expand at an annual growth rate of 18.3% from 2022 to 2030.
Patients’ data can be sold on the dark web
Cybercriminals targeting the health industry mostly use ransomware, phishing, DDoS, IoT malware attacks, and data breaches to reach sensitive data. They mainly target medical records, social security numbers, contact details, intellectual property, research findings, and internal system alterations in the healthcare industry.
With ransomware attacks, cyberattackers can obtain financial gain by locking the systems that support hospitals’ patient-care medical devices and the administration of institutions. Out-of-date record-keeping systems threaten patients’ privacy because of their security vulnerabilities. Patient-related information sells for more money on the dark web than data from other industries. Cyberattackers can alter laboratory results through a data breach or hack patients’ remote medical equipment, which may put patients’ lives at risk.
A Secure Access Service Edge (SASE) approach should be adopted
Most medical devices rely on outdated technologies, and the lack of awareness about cybersecurity among medical staff causes the sector to be affected by cyberattacks. However, healthcare organizations can decrease the risk of cyberattacks by deploying a layered secure access service edge (SASE) architecture.
Juta Gurinaviciute, the chief technology officer at NordLayer, says, “Considering that many users in the networks of health institutions operate in a scattered structure, health organizations should prevent the network from becoming complex in the first stage. And in the second stage, they should create security policies based on the zero trust approach to neutralize internal and external threats.”
The way to do this is through SASE, which enables health organizations to monitor and limit access through authentication and authorization. Gurinaviciute says, “SASE (secure access service edge) addresses the challenges of static and complex approaches to network security as it can be managed from a single source. And it delivers a secure network connection to authorized users of the network wherever they are. When it comes to patient confidentiality, healthcare organizations can strengthen security levels at different layers and improve agility and mobility in a modern cybersecurity environment with a SASE architecture.”
SASE (secure access service edge) brings best-in-class networking, security, and observability functions under one roof by including a software-defined wide-area network, a secure web gateway, a firewall as a service, a cloud access security agent, and zero-trust network access (ZTNA). SASE provides these tools as a cloud service, allowing decentralized, digital businesses like those in the healthcare industry to thrive.