Why Healthcare Organisations Need a Multi-Layered Approach to Protect Against Ever-Evolving Threats
Today, England's aging population, the growth in chronic conditions and co-morbidities, a shortage of young people entering the profession, the deployment of new technologies, processes and treatments, an explosion in data, as well as an escalating threat landscape all contribute to the UK's healthcare challenges. This complex combination is creating opportunities for threat actors to take advantage of weaknesses in systems security and technology as attention is diverted elsewhere.
Virtual Settings Increase the Attack Surface
Until COVID-19 struck, UK healthcare was structured around face-to-face interactions between patients and clinicians in hub settings such as hospitals and GP surgeries. When the pandemic made this approach too high-risk, it ushered in an era of virtual consultations on a scale never previously attainable.
The population quickly saw the advantages – from both convenience and safety perspectives – of accessing healthcare support virtually. However, by July 2022, the NHS waiting list had grown to a record-breaking 6.8 million people, with 377,689 waiting longer than a year for treatment. This is happening in an environment where NHS staff vacancies are at an all-time high, with proposed strikes on the horizon, meaning the service faces the challenges of delivering better care, at higher volumes, with fewer staff.
Add to this the escalating threat landscape and growing threat of an attack. According to IBM's 2022 Cost of a Data Breach Report, the average costs of a breach increased to USD 4.35 million in 2022, climbing 12.7% from USD 3.86 million in 2020. Where healthcare is concerned, cybersecurity isn't just about protecting patient data anymore: a cyberattack can take a hospital offline for days, weeks or even months, disrupting operations and leaving patients vulnerable, especially if they fall victim to ever-more sophisticated ransomware attacks. In fact, ransomware set annual records in 2022, with new ransomware strains emerging and healthcare providers being heavily targeted.
Careful Planning and a Multi-Layered Approach
So how can healthcare providers build resiliency, respond to attacks effectively, and recover their operations as quickly as possible? This is where careful planning and a multi-layered approach to prevention and response are essential to defend against healthcare's mounting cyber threats.
The pandemic accelerated the adoption of telehealth and remote patient monitoring devices, with the creation of virtual wards and more data circulating than ever before. And while these digital transformation initiatives were critical to maintaining patient safety and ongoing business operations, they also increased the threat surface for healthcare organisations. Now, not only is there more lucrative data for cybercriminals to get their hands on, there are more ways to attack that data, and attackers can slip in unnoticed.
Fortunately, healthcare providers are acutely aware of the increased risk and are seeking appropriate technologies to protect themselves, keep their data safe and ultimately safeguard their patients. However, as healthcare organisations increasingly move their apps and workflows to the cloud, so they also need to understand where a cloud service provider's responsibility ends, and their responsibility begins. For example, who oversees backup, what sort of security settings have been put in place to protect the organisation and, in the unfortunate but inevitable situation of a breach, what actions should be taken and by whom?
Below we have outlined three strategies that will help healthcare providers to minimise the impact of such a breach:
1. Work to identify a breach.
No organisation should assume their employees will be immune to a phishing attempt, so it is important to quickly identify an attack. While threat intelligence tools can help to alert a security team to potential attacks, they also need to be mindful of alert fatigue. This is where AI and ML tools can help teams cut through the noise and only action those attacks that present a high risk to the organisation.
2. Know your response.
What is the shutdown plan? The more automated the process, the better. This is where an aligned and coordinated plan that runs right across the organisation is important. Otherwise, the IT team could respond too quickly and shut down critical operations in a false positive situation.
3. Establish a disaster recovery plan.
Business continuity and disaster recovery plans should both account for cyberattacks. It may seem like duplication, but these two scenarios require a very different response and have different goals. For example, backups should not be relied upon to get hundreds of machines back up and running. This is the realm of disaster recovery.
No Silver Bullet
Unfortunately, no single solution can shield an organisation's entire environment from incoming cyber threats, and this is why cybersecurity shouldn't be approached as a tick-box exercise but, rather, should be implemented as an enterprise-wide education programme. Employees need continuing support and guidance to understand the landscape to employ the right technology for undertaking risk. And as organisations develop their incident response, recovery and backup plans, they should make sure they have the right tools and the right vendor to help them architect the solutions that will best fit their organisation's culture and business environment. With cyber attacks showing no sign of abating as we go into 2023 and healthcare being a prime target, making sure the organisation adopts a policy that assumes they are going to be breached will ensure that they have the right systems and processes in place.