The healthcare sector is being inundated with advanced persistent threats. Many of these are coming from Russian state-sponsored cyber and espionage groups. This leaves highly sensitive patient-centric electronic protected health information at risk.
Looking into the risks and appropriate responses for Digital Journal is Benny Czarny, Founder and CEO of OPSWAT.
According to Czarny, to truly understand the nature of the risk it is necessary to understand the reasons for the attacks on the healthcare arena. Here he finds: “The first question when looking at the recent rise of healthcare threats is “why?” – and it’s a fairly simple answer.”
Czarny sees this reason as: “Regardless of the threat actor, patient and insurance data and massive disruption are at the core of what they’re after.”
From this base, mitigations can be considered. According to Czarny: “Now, understanding the vulnerabilities and how to harden them becomes a bit more complex.”
But first, the nature of healthcare needs assessing: “Healthcare systems deal with a vast network of providers, referral networks, insurers, and more – providing multiple access points to digital patient data. In an environment where healthcare costs are exorbitant , cost controls such as staff reduction and cuts in software spending can have an impact on systems not being patched. The result? Opening outdated systems to legacy vulnerabilities. Coupled with these vulnerabilities are the challenges of managing a multi-vendor environment where patient data is shared across networks and systems.”
There are other vulnerabilities that need to be acknowledged, says Czarny: “What is most concerning when it comes to healthcare are the attack surfaces, and if not reduced, have the potential to cause physical damage or harm to both systems and patients. For example, medical imaging and radiology oncology systems are high-valued medical systems that, if compromised, will adversely affect patient care, and cause financial hardship to the medical facility.”
Furthermore: “Another one is the patient point of care system (POC), a hospital system that includes bedside terminals or other devices for capturing and entering data at the location where patients receive care. These systems are network-connected over WiFi and if compromised, it will impact patient care.”
Based on these alarming points, what is to be done? Czarny proposes: “The increasing adoption of zero-trust technologies are a good indication of improved awareness and better controls.”
