Healthcare professionals must think beyond the cloud and implement Zero-trust cybersecurity to successfully fight against the raging hacks their industry faces.
Attackers usually target holes in the network server, improperly created cloud configurations, insecure endpoints, and weak or insufficient identity management and security for privileged access. The theft of identities, medical records, and privileged access credentials is a critical issue for hackers targeting healthcare. On average, it costs a healthcare provider 10.1 million to recover from an attack. 25% of healthcare professionals say a ransomware attack has forced them to cease operations.
Healthcare should build upon cloud security that is secure and has zero credibility
Forrester’s latest report, The State of Cloud in Healthcare in 2023, provides a fascinating review of how healthcare organizations are rapidly accelerating their cloud adoption in hopes of bringing security under control. Eighty-eight percent of healthcare decision-makers have used cloud-based public platforms, and 59% have embraced Kubernetes to provide greater availability of their main enterprise systems. On average, healthcare organizations invest $9.5 million annually across all cloud services they’ve integrated into their technology stacks. The results are impressive — up to a certain degree.
What’s required is for healthcare providers to redouble their efforts on zero trust first before making a full-time commitment to Identity Access Management (IAM) and the security of endpoints. The most interesting aspect of this Forrester research is its proof that ongoing developments of Amazon Web Services, Google Cloud Platform, Microsoft Azure, and IBM Cloud are hitting the right note in the healthcare industry. Their efforts to prove that cloud-based platforms have more security than traditional networks are being heard.
This is great news for the healthcare industry as the most recent information provided by the U.S. Department of Health and Human Services (HHS) Breach Portal indicates that over the past 18 months, 458 healthcare organizations were breached by the network servers, which exposed more than 69 million identities of patients.
The HHS website reveals that the digital pandemic has harmed 39.9 million patient identities over the initial six months in 2023. These identities were collected from 298 incidents. Of these, 229 came from successful hacking, 61 were due to unauthorized access/disclosure as well as the remaining due to the theft of medical records. BEC (Business Email Compromission) (BEC) or pretexting has been responsible for 54 breaches since January, compromising 838,241 patients’ identities.
They are considered the top-selling products on The Dark Web; patient medical records offer a wealth of data to attackers. Cybercriminal gangs and worldwide organized Advanced persistent threat (APT) groups take, sell, and use patient names to create fake identities. Criminals earn as much as $1,000 per patient, depending on how thorough the identity and medical information are.
Converting weaknesses into strengths requires no confidence. It is impossible to turn weaknesses into strengths with zero trust
Forrester concludes that healthcare facilities are the most targeted targets for hackers due to their outdated technology, particularly when storing sensitive patient information. This weakness is amplified by the need to give patients the most critical medical healthcare.
“Threat actors are increasingly targeting flaws in cyber-hygiene, including legacy vulnerability management processes,” Srinivas Mukkamala, chief product officer at Ivanti, spoke to VentureBeat.
In reality, Ivanti’s Press Reset Report: A 2023 Cybersecurity Status Report discovered that all companies are failing to protect themselves from ransomware, API-related attacks, and supply chain attacks. The research findings by Ivanti highlight the necessity for zero-trust to be an immediate prioritization for all healthcare institutions since many are with other sectors on these essential aspects.
Forrester discovered that “CISOs might be hesitant to rely on the cloud public however, the outsourcing of their business to a multitenant cloud could benefit healthcare providers by providing the military grade AES256-based data security which helps to protect against data theft and exposure. Global hyperscalers can provide compliance-compliant instances as well as consulting services to help you meet the requirements of regulatory compliance. Similarly, EHR systems such as Oracle Cerner and Epic Systems are now offering cloud-based offerings/partnerships.”
Every healthcare facility should have a zero-trust plan tailored to the biggest threats to its business
The aim is to be more resilient over time without breaking budgets or requesting large expenditures across the board. The best place to begin is to create a zero-trust plan. There are several basic documents CISOs and CIOs who manage cybersecurity and healthcare IT must use to tailor zero-trust security for their particular business requirements.
The first comes from the NIST (NIST) National Cybersecurity Center of Excellence (NCCoE). The NIST Cybersecurity White Paper (CSWP), Planning to Implement Zero Trust Architecture: A Guide for Federal Administrators, provides a roadmap to transition to zero-trust structures using a NIST Risk Management Framework (RMF).
2. John Kindervag, who established zero trust at Forrester and is currently the senior vice president of cybersecurity strategy, and ON2IT group associate at ON2IT Cybersecurity along with Professor. Chase Cunningham was among the many leaders in the industry who drafted the helpful Presidential’s National Security Telecommunications Advisory Committee (NSTAC) Draft on Zero Trust and Trusted Identity Management. The document defines zero trust architecture as “an architecture that treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated and their access authorized.”