Building Resilience in Healthcare as Cyberattacks Continue


Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images

The health sector is overwhelmed with advanced persistent threats. Many of them come from Russian state-sponsored cyber and espionage groups. It leaves a very sensitive patient-centric electronic protection risky health information.

A look at the risks and appropriate answers for Digital diary is Benny Czarny, founder and CEO of OPSWAT.

According to Czarny, to truly understand the nature of the risk, it is necessary to understand the reasons behind the attacks on the health field. Here he finds: “The first question in the face of the recent increase in threats to health care is ‘why? – and that’s a pretty simple answer.

Czarny sees this reason as follows: “Regardless of the threat actor, patient and insurance data and massive disruptions are at the heart of what they seek.”

From this basis, mitigations can be considered. According to Czarny: “Now understanding vulnerabilities and how to strengthen them becomes a bit more complex.”

But first, the nature of health care must be assessed: “Health systems deal with a vast network of providers, referral networks, insurers, etc., offering multiple points of access to data patient numbers. In an environment where healthcare costs are exorbitant, cost controls such as staff reductions and reductions in software spending can impact systems that go unpatched. The result? Opening obsolete systems to legacy vulnerabilities. Added to these vulnerabilities are the challenges of managing a multi-vendor environment where patient data is shared across networks and systems.

There are other vulnerabilities that need to be recognized, says Czarny: “What is of most concern in healthcare are the attack surfaces, and if not reduced, they can cause physical damage. or harm systems and patients. For example, medical imaging and oncology radiology systems are high-value medical systems that, if compromised, will negatively affect patient care and cause financial hardship for the medical facility.

Further: “Another is the patient point-of-care (POC) system, a hospital system that includes bedside terminals or other devices to capture and enter data at the point where patients receive care. These systems are connected to the network via WiFi and if compromised, it will impact patient care.

Based on these alarming points, what to do? Czarny offers, “The growing adoption of zero-trust technologies is a good indication of better awareness and better controls.”


Comments are closed.