December 7, 2021 By Rob Dyson 4 min read

The health care industry is one of the most popular and lucrative targets for cyberattacks and malicious activity. Health care organizations are attractive to hackers because they possess high volumes of sensitive information about patients and rely on highly vulnerable medical devices.

Advancements in medical procedures and the growth in digital innovation have led to an increase in the complexity of networks and security. Medical firms need to ensure they protect their data, employees and patients with appropriate data integrity and security solutions while controlling costs.

The danger is real. IBM’s Cost of a Data Breach Report found that health care organizations suffered the highest costs of data breaches for the 11th consecutive year in 2021. This year saw the average cost of a health care data breach surge to $9.23 million, a 29.5% increase from the previous year. That’s more than any other industry, with the financial sector being a distant second, at $5.72 million. Furthermore, medical organizations have seen a 185% increase in the number of health care data breaches this year compared with last year. 

Significant Challenges to Health Care Cybersecurity

Health care organizations face significant vulnerabilities from outdated or legacy technologies that are attractive targets for today’s cyber attackers. To make matters worse, a majority of the newer medical devices are still not being developed with cybersecurity controls in mind. Traditional vulnerability management approaches present several challenges within modern health care IT environments. New devices and technical limitations can make traditional methods largely ineffective.

Health care cybersecurity is threatened on a number of fronts, including:

Phishing Attacks

Cybercriminals target victims through email, social media and text messages. The attacker poses as a legitimate sender and attempts to dupe victims into opening malicious attachments or spoofed hyperlinks. This enables the attacker to steal personally identifiable information (PII), such as login credentials, credit card information and account details, and use this information as part of broader identity theft activity.

Insider Threats

Insider threats occur when disgruntled employees leak or sell data, or as a result of employee negligence. Both can result in health care data being leaked and made available for purchase on hacker websites. Insider threats can also lead to hospital cyberattacks by external actors.

Internet of Medical Things (IoMT) Attacks

The health care industry continues to see a massive increase in the use of internet-connected medical devices, collectively known as Internet of Medical Things (IoMT) devices. These connected devices, like heart rate monitors, infusion pumps, smart imaging systems, inhalers and thermometers, are increasingly vital to caring for patients. However, many connected devices don’t have adequate built-in security and can’t be controlled or monitored by traditional IT security products. This makes IoMT devices extremely vulnerable to cyberattacks, so they must be secured to prevent cybercriminals from accessing and exploiting the data they generate.

Gary Arnold, director of strategic partnerships at Armis, provides an example of the danger: “In May 2021, Armis researchers discovered PwnedPiper, which is a series of nine critical vulnerabilities in the Nexus Control Panel that controls Swisslog Healthcare’s Translogic pneumatic tube system (PTS) stations. The infrastructure delivers medication, blood products and lab samples to more than 3,000 hospitals worldwide. However, the vulnerabilities allowed attackers to seize control of PTS stations and deploy ransomware that could enable them to launch denial of service (DoS) or man-in-the-middle attacks.”

Ransomware Attacks 

Ransomware poses a significant threat to medical organizations. It involves attackers gaining unauthorized access to a network and injecting malware to lock users out of machines, steal data or paralyze a system to prevent access. The attacker then demands a ransom with the promise of providing a decryption key and return of the stolen data when the ransom is paid.

Remote Connectivity and Telemedicine Risks 

Many health care organizations have seen a sharp rise in online consultations over the last 18 months. Remote connectivity and telemedicine offer ease of use for both medical staff and patients. However, they also increase the risk of cyberattacks and health care data breaches if they aren’t adequately protected or if users don’t have secure access.

How to Secure Health Care Data and Organizations

The impact of cyber crimes targeting the health care industry can be mitigated by implementing the right security solutions. The combination of the right security solutions and sufficient training for staff helps businesses prevent data loss, leakage and theft. It also provides visibility into device and system vulnerabilities. Furthermore, employees are better positioned to spot the potential signs of a cyberattack, which means organizations can identify and mitigate the impact of attacks by responding as quickly as possible.

Armis and IBM provide security services and solutions for health care and life sciences companies, securing them against the rising tide of cybercrime. These include:

  • Working with the client to implement security solutions that bring visibility to devices and networks to check for vulnerabilities that could be exploited by attackers
  • Implementing security controls that address known security vulnerabilities
  • Integrating the Armis security solution with the security operations center to monitor medical and supporting systems for new vulnerabilities, malware, cyberattacks and system changes that could impact the business negatively

Armis and IBM help health care organizations secure their systems by monitoring for risks and assessing device behavior. The solutions also provide clear visibility into who or what is attempting to access their corporate networks. These solutions are able to monitor devices on Wi-Fi networks (and other protocols like Zigbee and Z-Wave) for potential network intrusion and data exfiltration. They also monitor devices that aren’t directly connected to networks, such as defibrillators or devices like smart lights, smart locks and wearables.

Gain the Advantage Over Cybercriminals

Health care organizations face an ever-increasing risk of cyberattacks. As they deploy more sophisticated devices and networks and continue to expand remote care, their security threat level increases. Medical companies need to ensure all of their users and devices are protected by deploying solutions that increase the visibility of their attack surface, help them fight emerging threats, and keep their network secure.

Discover the critical considerations that will help your organization gain the upper hand in the fight against cybercriminals by downloading this Armis whitepaper.

