• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»Poor healthcare cybersecurity is a threat to public health
Security

Poor healthcare cybersecurity is a threat to public health

August 23, 2022No Comments7 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Poor healthcare cybersecurity is a threat to public health
Share
Facebook Twitter LinkedIn Pinterest Email

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.


When it comes to cybersecurity, U.S. healthcare facilities are in critical condition. 

Patient and enterprise data is a precious commodity — and cybercriminals are increasingly exploiting inadequately prepared facilities to get to it. What’s more, the proliferation of internet of things (IoT) devices is expanding the attack surface and creating new avenues for patient data breaches.

“The most significant threats to patient and enterprise data, like all cybersecurity threats, are constantly shifting,” said Nate Lesser, CISO at Children’s National Hospital, which has partnered with cybersecurity company Trustwave to improve the hospital’s security posture in the growing threat environment. 

And, Lesser pointed out, breaches, hacks and ransomware attacks are not only incredibly costly — they are ultimately a public health threat because they can compromise hospitals and healthcare workers’ abilities to provide care.

Event

MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

“In healthcare, and especially for hospitals, any attack that threatens our ability to provide for our patients and families is of paramount importance,” said Lesser.  

Healthcare cybersecurity attacks on the rise

Healthcare systems are increasingly under attack, and monetary impacts are significant: According to IBM Security’s annual Cost of a Data Breach report, the cost of a healthcare data breach is at an all-time high: $10.1 million on average. That represents an increase of 9.4%  between March 2021 and March 2022. 

Similarly, a report from cybersecurity company Sophos revealed a 94% increase in ransomware attacks on healthcare organizations in 2021. Last year, 66% of healthcare organizations were hit, compared to 34% in 2020. 

Just this year, attackers have hit dozens of healthcare organizations, exposing millions of patients’ sensitive information. This included New York-based medical billing and practice management company Practice Resources, LLC; Zenith American Solutions in Michigan; and Indiana-based neurology practice Goodman Campbell Brain and Spine.

See also  High 10 grasp’s in cybersecurity packages in 2022

Meanwhile, hospitals are suffering geopolitical consequences: In 2021, the FBI thwarted what it called a “despicable” attack on Boston Children’s Hospital by Iranian-government sponsored hackers.

“The speed of evolution in cyber today is challenging security programs’ ability to keep pace with today’s threats,” said Kory Daniels, CISO at Trustwave. 

Increasingly sophisticated attackers

Notably, ransomware and business email compromise are the greatest concerns. Credential leakage is also growing and can prove a more successful attack, said Daniels, because bad actors can commit fraud against an enterprise or steal consumers’ identities.

Lesser, CISO of Children’s National Hospital — a top-rated healthcare facility in Washington, D.C. — highlighted the broad category of third-party attacks. 

This encompasses all aspects of a facility’s relationships with vendors, partners, cloud platforms, research collaborators and service providers (among others), he said. Outside entities often have access to — or even house — protected health information (PHI), personally identifiable information (PII) and other protected information.

Sophisticated attackers are also attempting to extort hospitals by ransoming patient and employee records — not just their systems, said Daniels. This means that they steal critical records before encrypting the systems that they reside on. So, even if a hospital has good backups to recover an infected system, the attackers can still threaten to release sensitive data. 

In-house challenges

While battling attacks that are ever more sophisticated, healthcare facilities are concurrently struggling to arm themselves with their greatest asset: Their staff. 

An estimated 1.5 million healthcare jobs were lost in the first two months of COVID-19 as many clinics were closed and services restricted to non-emergency services. Many of these jobs have been refilled, yet healthcare employment remains below pre-pandemic levels — with 1.1% fewer healthcare workers, or 176,000 fewer, versus February 2020 staffing levels. 

The Centers for Disease Control and Prevention warns that these staffing shortages will only continue as the COVID-19 pandemic progresses, particularly with the spread of the Omicron variant. 

See also  Prepare for long-term cyber threat from Ukraine war, says NCSC

Indeed, talent shortages can lead to fatigue and burnout, in turn causing frustration and lack of vigilance on the part of employees — ultimately making facilities more susceptible to attack, said Lesser. Even more troubling, frustrated, angry and disgruntled staff can become malicious insiders.

“Our staff are our first line of defense and best ‘sensors’ to know what’s happening in the environment,” said Lesser. “If they are overextended, we lose this valuable reporting.”

Daniels underscored the fact that organizations need to be able to respond to alerts any time of day, proactively ensuring that technology is continuously adjusted and “tuned to today.” They must work to maintain a 24-month strategy, deploy and enhance technologies, utilize vulnerability discovery and product development testing, plus enable continuous monitoring, triage and response.

With a short-staffed team, security leaders might only be able to plug some of the most critical security holes. 

“No one can be an expert in everything — including the CISO — and staff burnout can impact the ability to effectively catch alerts,” said Daniels. 

Road to recovery

While ensuring that they have the “right staffing mix” — and, just as importantly, continually training their staff — hospitals should be integrating, consolidating and tuning security tools, said Lesser. 

Children’s National Hospital performs constant cost-benefit analysis, he said. In doing so, they consider: 

  • Outsourcing versus insourcing.
  • Building versus buying.
  • Implementing tools versus adding staff.
  • Comparing and contrasting team structure and functions with those of other healthcare facilities. 

Organizations are also increasingly establishing what Daniels called “shared risk resilience models.” This means CISOs are spending more time meeting with business leaders and peers to communicate the evolution of cyber-risk and build “understanding and alignment” across the organization, he explained. 

Ultimately, technologies, managed security services and internal talent are not sufficient alone, said Daniels. CISOs must prioritize a risk-driven approach that aligns risk tolerance with appropriate financial budgets. This helps ensure that organizations “mitigate those risks as a business — not just as a security organization,” said Daniels. 

See also  The Case for Making Public Transit Free In every single place

Knowing your partners

Speed and scale are the biggest considerations for any cybersecurity program as organizations work to keep up with technological innovation and adapt governance and security controls in response to advanced attacks, said Daniels. 

While IoT and 5G are valuable, they create big data challenges. The industry has “no choice” but to leverage machine learning (ML) and artificial intelligence (AI) to manage that data, said Daniels. Organizations are also working to effectively lean on trusted partners so they can quickly scale up and down as needed.

More organizations are leveraging as-a-service models from the cloud, as well, and are outsourcing some services to vendors to perform jobs that were previously handled in-house. 

However, Daniels pointed out, as the cybersecurity market becomes increasingly crowded, it is critical that technical decision-makers assess partners to determine that they can trust them to “be part of their cyberdefense mission,” said Daniels. 

For instance, IT and business leaders should ask to speak to potential vendors’ security leaders to understand their perspective and role. This helps organizations ensure that their decision is not just tactical, and that they will be able to scale at the speed of their operations. 

Preparing for tomorrow’s threats, today

Lesser also predicted that the future of healthcare cybersecurity will involve: 

  • More hybrid security operations centers (SOCs). 
  • Increased combination of SOCs and network operations centers (NOCs) activities.
  • Increased focus on real-time situational awareness that covers the entire enterprise. 
  • Enhanced collaboration with other health delivery organizations (HDOs). 

Ultimately, “attackers will continue to increase their automation and collaboration,” said Lesser. “Defenders need to do the same.”

Daniels agreed, emphasizing: “Remember, the threats of tomorrow could put an organization’s cyber resilience at risk.”

Source link

Cybersecurity health Healthcare poor Public threat
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Xiaomi’s Smart Band 8 Pro is a cheap and easy way to track health, control media and get notifications in an Apple Watch-style design

March 26, 2024

How Prioritizing Emotional And Physical Health Benefits Business

September 6, 2023

Stabilizing The Cybersecurity Landscape: The Rise Of vCISOs

July 14, 2023

Tips For Becoming A More Engaging Public Speaker

May 17, 2023
Add A Comment

Comments are closed.

Editors Picks

IT Sustainability Think Tank: Embedding GreenOps into enterprises

August 13, 2022

There Will Never Be Another Twitter

June 5, 2023

The Political Theater Behind the State of the Union Data Privacy Push

February 9, 2023

NCSC startups scheme turns focus to operational know-how, SME safety

July 29, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.