The health care industry is one of the most popular and lucrative targets for cyberattacks and malicious activity. Health care organizations always present as an attractive proposition to hackers as they possess high volumes of sensitive information about patients and rely on highly vulnerable medical devices.
Advancements in medical procedures and the growth in digital innovation have led to an increase in the complexity of networks and security. Medical firms need to ensure they protect their data, employees and patients with appropriate data integrity and security solutions that don’t break the bank while controlling costs.
The danger is real. IBM’s Cost of a Data Breach Report found that health care organizations suffered the highest costs of data breaches for the 11th consecutive year in 2021. This year saw the average cost of a health care data breach surge to $9.23 million, a 29.5% increase from the previous year. That’s more than any other industry, with the financial sector being a distant second, at $5.72 million. Furthermore, medical organizations have seen a 185% increase in the number of health care data breaches this year compared with last year.
Significant Challenges to Health Care Cybersecurity
Health care organizations face significant vulnerabilities from outdated or legacy technologies that are attractive targets for today’s cyber attackers. To make matters worse, a majority of the newer medical devices are still not being developed with cybersecurity controls in mind. Traditional vulnerability management approaches present several challenges within modern health care IT environments. New devices and technical limitations can make traditional methods largely ineffective.
Health care cybersecurity is threatened on a number of fronts, including:
Cybercriminals target victims through email, social media and text messages. The attacker poses as a legitimate sender and attempts to dupe victims into opening malicious attachments or spoofed hyperlinks. This enables the attacker to steal personally identifiable information (PII), such as login credentials, credit card information and account details, and use this information as part of broader identity theft activity.
Insider threats occur when disgruntled employees leak or sell data, or through employee negligence. Both can result in health care data being leaked and made available for purchase on hacker websites. Insider threats can also lead to hospital cyberattacks by external actors.
Internet of Medical Things (IoMT) Attacks
The health care industry continues to see a massive increase in the use of internet-connected medical devices, collectively known as Internet of Medical Things (IoMT) devices. These connected devices, like heart rate monitors, infusion pumps, smart imaging systems, inhalers and thermometers, are increasingly vital to caring for patients. However, many connected devices don’t have adequate built-in security and can’t be controlled or monitored by traditional IT security products. This makes IoMT devices extremely vulnerable to cyberattacks, so they must be secured to prevent cybercriminals from accessing and exploiting the data they generate.
Gary Arnold, director of strategic partnerships at Armis, provides an example of the danger: “In May 2021, Armis researchers discovered PwnedPiper, which is a series of nine critical vulnerabilities in the Nexus Control Panel that controls Swisslog Healthcare’s Translogic pneumatic tube system (PTS) stations. The infrastructure delivers medication, blood products and lab samples to more than 3,000 hospitals worldwide. However, the vulnerabilities allowed attackers to seize control of PTS stations and deploy ransomware that could enable them to launch denial of service (DoS) or man-in-the-middle attacks.”
Ransomware poses a significant threat to medical organizations. It involves attackers gaining unauthorized access to a network and injecting malware to lock users out of machines, steal data or paralyze a system to prevent access. The attacker then demands a ransom with the promise of providing a decryption key and return of the stolen data when the ransom is paid.
Remote Connectivity and Telemedicine Risks
Many health care organizations have seen a sharp rise in online consultations over the last 18 months. Remote connectivity and telemedicine offer ease of use for both medical staff and patients. However, they also increase the risk of cyberattacks and health care data breaches if they aren’t adequately protected or if users don’t have secure access.
How to Secure Health Care Data and Organizations
The impact of cyber crimes targeting the health care industry can be mitigated by implementing the right security solutions. The combination of the right security solutions and sufficient training for staff helps businesses prevent data loss, leakage and theft. It also provides visibility into device and system vulnerabilities. Furthermore, employees are better positioned to spot the potential signs of a cyberattack, which means organizations can identify and mitigate the impact of attacks by responding as quickly as possible.
Armis and IBM provide security services and solutions for health care and life sciences companies, securing them against the rising tide of cybercrime. These include:
- Working with the client to implement security solutions that bring visibility to devices and networks to check for vulnerabilities that could be exploited by attackers
- Implementing security controls that address known security vulnerabilities
- Integrating the Armis security solution with the security operations center to monitor medical and supporting systems for new vulnerabilities, malware, cyberattacks and system changes that could impact the business negatively.
Armis and IBM help health care organizations secure their systems by monitoring for risks and assessing device behavior. The solutions also provide clear visibility into who or what is attempting to access their corporate networks. These solutions are able to monitor devices on Wi-Fi networks (and other protocols like Zigbee and Z-Wave) for potential network intrusion and data exfiltration. They also monitor devices that aren’t directly connected to networks, such as defibrillators or devices like smart lights, smart locks and wearables.
Gain the Advantage Over Cybercriminals
Health care organizations face an ever-increasing risk of cyberattacks. As they deploy more sophisticated devices and networks and continue to expand remote care, their security threat level increases. Medical companies need to ensure all of their users and devices are protected by deploying solutions that increase the visibility of their attack surface, help them fight emerging threats, and keep their network secure.
Discover the critical considerations that will help your organization gain the upper hand in the fight against cybercriminals by downloading this Armis whitepaper.
Partner, Global OT Security Services Business Leader, IBM
With more than 30 years of experience in the Information Technology field, Rob Dyson has held technical and leadership positions while providing IT services ...