Claroty highlights true cost of cyberattacks on healthcare

Claroty has released a new report which highlights the cost of cyberattacks on patient services and finances, with 44% of incidents costing between US$100,000 and 28% costing over US$1m.

Additional findings revealed that 61% of organisations suffered at least moderate or substantial impact on care delivery, with 15% reported a severe impact that compromised patient and/or safety when hit by a cyberattack. In line with this, 72% of European healthcare organisations businesses find it difficult to find skills and the experience required, in addition to 30% saying that current government policies and regulations either require improvement or do nothing to prevent threats.

This comes in the wake of huge cyberattacks happening earlier in the year, such as the Capita data breach as well as the attack on Barts Health NHS Trust. These highlight how healthcare systems are still vulnerable to cyber threats and more needs to be done to protect patient information.

In line with the report, Cyber Magazine spoke with Ty Greenhalgh, Healthcare Industry Principal at Claroty. He explains how security concerns have mounted and how gaps need to be identified, prioritising technologies to build cyber resilience.

What do you think businesses can do to combat the cyber skills gap?

"The cyber skills gap is a long-term problem, however, there are measures and technologies which businesses can implement to overcome the problem.

"Improving device utilisation creates a more effective and efficient usage of the scarce talent in cyber. Organisations that have complete and accurate inventories of device detail and utilisation data have an opportunity to save costs and optimise investments in additional devices. This information will provide security teams with insights such as accurate device data in real-time, enabling them to optimise device management, deployment, and reallocation. Therefore, patient care can be done with fewer devices, freeing up personnel and financial resources.

"When understaffed, saving time is essential. By also investing in operational intelligence, healthcare organisations can optimise their entire fleet of devices, streamline their day-to-day operational workflows, and accelerate their return on investment (ROI). This level of visibility and insight helps security teams make better decisions around device allocation, management, maintenance, and replacement – ultimately reducing costs, improving efficiency, and increasing productivity."

Why is the healthcare sector seeing continued cyber threats? What cybersecurity measures do they need to prioritise?

"The leading factors perpetuating cyber-attacks on healthcare are the profitability gained through extorting patient safety and the rapidly expanding attack surface of Extended Internet of Things (XIoT) connected to healthcare networks. XIoT is an umbrella term that encompasses all operational technology cyber-physical devices. These range from Internet of Things (IoT), Internet of Medical Things (IoMT) to Building Management Systems (BMS).

"Expensive medical devices such as CAT and MRI scanners are often decades old, and their operating systems are no longer supported by vendors. These “legacy” XIoT systems provide a perfect opportunity for attackers to exploit unpatched vulnerabilities and access healthcare networks, jeopardising patient data and care. Partitioning similar devices into smaller networked virtual local area networks (VLANs) is one of the most effective ways to secure legacy devices. It restricts unnecessary connectivity and communication, but is resource intensive without technology that automates device discovery, communication monitoring and automatic creation of network segmentation logic.

"Even the newer XIoT devices are not developed with a security-first mindset, instead prioritising functionality and accessibility. Poorly configured medical devices are then vulnerable to external access. Furthermore, these devices have been found to employ weak default passwords, which cybercriminals can guess within seconds.

"The most important thing for healthcare organisations to prioritise is building cyber resilience. Resilience is defined as the ability to anticipate, withstand, adapt or recover from a cyber event which results in a condition, stress, attack or compromise to the organisation. They must have full visibility of devices and their communication across their entire network to understand their risk posture. This includes managing, identifying and proactively re-acting to vulnerabilities and misconfigurations as well as responding to a breach. Resilience requires managing a spectrum of risk.

"Ultimately, it’s not if you are going to be breached, it’s when? The best laid plans can go wrong, so it is essential to prepare for a breach. Incident Response plans should be developed and practised. Steps should be taken to ensure that people, processes and technology can respond to a cyberattack effectively." 

Is the healthcare sector on track to deliver strong cyber defences? What else can they do to mitigate threats and breaches?

"It’s positive to see that the healthcare industry is increasingly prioritising cybersecurity and compliance, with investments directed towards both personnel and security tools. However, there are still pain-points when it comes to strengthening cyber and operational resilience, which need to be addressed.

"First of all, the healthcare industry's most significant struggle remains gaining comprehensive visibility of devices across all Extended Internet of Things (XIoT) systems. Traditional security solutions have been designed for information technology (IT) devices like laptops and servers. They have grave limitations when used to provide visibility into XIoT devices. This leaves organisations with thousands of unidentified, or unmanaged, devices connected to their network. All entry points for hackers or worse devices that can directly compromise patient outcomes. 

"Discovery of the XIoT devices is only part of the challenge. Once the devices are identified, the vulnerabilities for each device and their risk level relative to the other devices in the network must be determined. These vulnerabilities must then be mitigated using “Controls”. By integrating all of these factors and device attributes into existing IT tools and workflows security teams can then uncover risk blindspots and efficiently and effectively allocate the scarce “cyber skills-gapped” resources we discussed earlier.

"Finally, most XIoT security lacks essential cybersecurity controls and consistent governance. The majority of medical devices were built with a focus on functionality rather than security. However, the rapid connection of medical devices to networks has left security teams with a lack of awareness and understanding about the unique challenges of the XIoT ecosystem. Without a dedicated security team or support from XIoT-specialised security solutions, the healthcare industry will suffer from a lack of consistent governance and controls." 

******

For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.