Health Check of Cybersecurity Readiness for Healthcare Providers

Seeking the best Managed Detection and Response with Prevention-first MDR/MPR 

Sundar Balasubramanian, Managing Director, Check Point Software Technologies India & SAARC

The healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware, according to Check Point Research (CPR).

As we start the New Year, the healthcare sector, a key sector in every country, can definitely expect a continued rise in attacks on its systems and networks, regardless of the size of the organization.

What’s the most effective way to achieve cyber resilience – to consolidate security or to take a best-of-breed vendor approach? It’s a long-debated topic within IT circles with each option offering viable technical and business arguments. As a CISO, every conclusion you come to will impact your cyber security effectiveness for years to come.

A recent survey by the Ponemon Institute stated that more than 20 percent of healthcare organizations reported increased patient mortality rates after experiencing a significant cyberattack, and another 57 percent said they experienced poor patient outcomes.[1] Additionally, the study identified four common types of attacks: cloud compromise, ransomware, business email compromise/phishing, and supply chain.

Successful cyberattacks on healthcare organizations can be disruptive and even deadly, with the greatest impact falling on the citizens of that country and, with the advent of medical tourism, of other countries. According to the Check Point Threat Intelligence Report, here in India, healthcare is the most impacted industry locally, with 4,805 weekly attacks per organization as compared to 1,485 weekly attacks per organization globally. Attacks such as the recent one at AIIMS are part of the nearly 1.9 million cyber attacks recorded on the Indian healthcare network this year, as well as attacks on Safdarjung Hospital in New Delhi, according to a report by CyberPeace Foundation.

In this blog, we use the healthcare industry to illustrate how a consolidated security approach can best assess and address your organization’s security gaps. Healthcare facilities such as hospitals, clinics, labs, and other medical environments offer a broad and complex attack surface covering networks, cloud infrastructure, desktop and mobile endpoints, as well as network-connected IoT devices. The latter are sensor-driven medical devices that track and monitor in real time, and most were not designed with security in mind.

Healthcare providers’ dynamic environments also introduce complex layers of user types and access privilege levels that can make sensitive personally identifiable information (PII) and other medical data ripe for cyber thieves.

The cost of a breach in the healthcare industry went up 42% in the past 24 months. For the 12th year in a row, healthcare had the highest average data breach cost of any industry, with the average total cost of a breach ballooning to $10.10M. (Source: IBM and CPR)

The challenges of the healthcare system’s multi-vendor environment

Is security consolidation a viable option for healthcare professionals to consider? If so, how will it significantly enhance an organization’s security posture, improve security operational efficiency, and greatly reduce TCO (Total Cost of Ownership)?

In its CISO Effectiveness Survey, Gartner reported that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio and 12% have 46 or more, concluding that having too many security vendors results in complex security operations and increased security headcount.[2] Eight percent of respondents saw vendor consolidation as an avenue for a more efficient security strategy. Where IT budgets are often constrained, the question arises: How do healthcare CISOs deal with the bloat of security products?

Consolidation is a big desire from customers—possibly a response to the tool sprawl that we mentioned earlier. There is a feeling in the market that there might already be too many companies, so it’s not just about more innovation but also building integrated platforms so customers can go to one place and get more baskets of services.[3]

Healthcare organizations heavily targeted

Check Point Research (CPR) reported that on average the healthcare sector experienced 1426 weekly attacks, a 60 percent increase in 2022 over the previous year.[4] Some of the most high-profile attacks have targeted healthcare organizations. In late 2022, National Health Services (NHS) in the UK suffered an attack and several services, treatment centers, and some mental health providers were taken offline.

Today’s ransomware economy is a complex operation extorting millions of dollars per ransom, holding entire organizations captive under the threat of a total system shutdown. As a business model, Ransomware-as-a-Service (RaaS) has seen the appearance of low-cost affiliate programs that let any criminal get involved.

When exploring why this particular industry seems to be so heavily attacked, one of the key reasons could be the massive amount of sensitive and confidential patient information collected, which could be worth millions to attackers, via blackmail or specific attacks on individuals. A case in point was the recent breach at Medibank, Australia’s largest health insurer, where late last year hackers who stole customer data also released a file of pregnancy terminations.

With the increasing digitalisation across every industry, the healthcare industry is also facing an explosion of IoT and medical devices like insulin pumps and defibrillators, opening up more entry points for attacks. Security was not a primary concern in the design of such devices, many of which are sitting on flat networks and are not managed by the digital and security teams.

Attackers are also aware that critical facilities like hospitals and medical centres cannot allow downtime or have medical systems that do not work, as this will impact not just their reputation but also place lives at stake. Coupled with limited funds to spend on cybersecurity (with a higher preference to spend instead on medical supplies and improvement of medical systems) and a lack of cyber education amongst healthcare workers, this means that the healthcare industry will continue to see cyberattacks for some time to come.

Check Point Infinity ELA

Healthcare depends on innovative solutions and services, and any disruption can endanger lives and livelihoods. What actions can CISOs take to better ensure the protection of their organizations?

One answer is to consider the use of a consolidated security platform designed to guard against today’s critical zero-day and fifth-generation threats across the network, cloud, IoT, and endpoints. Consolidation also cuts complexity to reduce cyber risks, something Check Point Research foresaw as part of its 2023 predictions. With the cyber-skills gap growing by over 25% in 2022, and organisations having more complex, distributed networks and cloud deployments as an outcome of the pandemic, security leaders need a consolidation strategy to simplify their security operations, provide full end-to-end visibility and improve their defences. Without this, threat actors will continue to exploit weaknesses and vulnerabilities.

Check Point Infinity architecture leverages Check Point’s ThreatCloud, a real-time global threat intelligence platform that monitors networks around the world for emerging threats and vulnerabilities and is based on a flexible ELA (enterprise license agreement) that can be tailored to an organization’s specific requirements and individual application priorities. Infinity ELA’s simplified pricing structure is clear and streamlined, allowing an organization to deploy security solutions gradually and optimize costs.

As an example, one may want to address endpoint security first, and at a later point, focus on network security. The Infinity consolidated security architecture achieves a reduction of security total cost of ownership (TCO) by an average of 20 percent. The healthcare industry needs to learn more about Healthcare Cyber Security Solutions that it can implement to secure life-critical IT infrastructures.