Cybersecurity remains top of mind for healthcare, which is the most targeted industry, incurs the highest average cost of a breach ($9.2M), and has the slowest incident response time (287 days).1
As a healthcare community, we have faced new challenges over the last twenty-four months. While the pandemic has created many new hurdles for the healthcare sector, it also became the catalyst for healthcare innovation and transformation and has accelerated change.
Examples of this change include:
- Hybrid and remote work are now commonplace
- Adoption of virtual care and telehealth is widespread
- Acceleration of IoT and remote patient monitoring
- Increased digitization of healthcare
- Heightened focus on digital patient experiences
With change comes new security requirements
Healthcare is evolving into a new era where nearly everything is connected through digital technologies that improve the way healthcare is delivered to patients. The future of healthcare is being driven by digital transformation that evolves our provider care delivery models, with a heightened focus on open-standards interoperability. This ongoing digitization will continue to elevate and introduce new security risks as the threat landscape becomes more complex.
Health systems and hospitals continue to evaluate and implement new models for care delivery beyond the hospital walls, such as remote clinics, ambulatory surgery centers, and home health. The digital platforms connecting these locations may be regional, national, or international. While this connectivity creates great opportunities for transformation, it also creates broader attack surfaces for financially motivated threat actors.
Healthcare has experienced an ever-increasing frequency and severity of cybersecurity breaches. Cyberattacks in healthcare more than doubled in 2020, with ransomware accounting for 28% of all attacks. It’s easy to see why the data-rich healthcare industry is a target for bad actors.2
Cybersecurity breaches affecting healthcare organizations and patients involve the theft of protected health information (PHI) and personally identifiable information (PII), ransomware attacks, and the potential to hack and control medical devices. Breaches can result in longer patient stays, delays in procedures, and diversions to other facilities.
Medical device security is also a concern for healthcare providers as bad actors take aim at vulnerable, unpatched systems and improperly configured devices. Connected medical devices can represent up to three-quarters (74%) of the devices on a healthcare delivery organization’s network.2
The proliferation of smart and connected medical devices will only continue in the future. Between 2020 and 2028, the smart medical devices market is projected to grow at a 20.1% CAGR.3
To complicate the landscape further, healthcare organizations must consider standards and regulatory requirements such as those found in HIPAA, ISO, NIST, GDPR, and PCI DSS. To protect critical patient data and clinical systems, many healthcare IT leaders have recently adopted the Zero Trust security framework to bolster cybersecurity defenses. While Zero Trust is both a strategy and an architectural model, organizations need to recognize that it is also a journey.
Cisco defines Zero Trust as a comprehensive approach to securing all access across an organization’s applications and environment, from any user, device, and location. It protects the workforce, workloads, and workplace.
Five ways to improve security posture in 2022
In summary, the overarching mission for CISOs and their security teams is to protect their institutions while maintaining business continuity.
Here are five ways that healthcare organizations can improve their security posture this year:
- Deploy endpoint and malware protection for devices and users
- Automate IT and security tasks to reduce threat risks
- Adopt a Zero Trust security framework to help prevent unauthorized access
- Test incident response plans, and conduct regular risk assessments and tabletop exercises with business alignment
- Leverage threat intelligence tools to proactively identify, mitigate, and remediate security threats
As the world’s largest provider of networking, collaboration, and security technologies, Cisco is committed to addressing the security challenges of the healthcare industry. We encourage you to explore our cybersecurity solutions for healthcare in greater depth in our portfolio explorer tool.
1 Modern Healthcare, Scripps Health cyberattack cost the company $113 M, August 11, 2021
2 The Forrester New Wave: Connected Medical Device Security Q2 2020, June 1, 2020
3 Data Bridge Market Research: Smart Medical Devices Market 20.1% of CAGR by 2021