Healthcare has traditionally kept the cloud at arm’s length, and for an understandable reason.
Hospitals and healthcare providers house a wealth of highly sensitive information, including patient data, medical and payment records, payer and provider employee data, and wired or wireless medical device data that cybercriminals can exploit. Hackers can use healthcare data to access prescriptions, steal identities, compromise medical records and diagnoses, blackmail people, hold the data for ransom or seize it and sell it on the black market for hefty amounts of cash.
A 2021 study found that healthcare breaches are the most expensive out of all other industries, at an average cost of $7.13 million.
In the mid-2000s, cybercriminals learned how profitable it is to target the healthcare sector. In 2020, when hospitals and healthcare providers had to adopt cloud infrastructures overnight due to the COVID-19 pandemic, new cloud-based attack vectors opened up, and nation-states and bad actors proceeded to take advantage. At the same time, healthcare leaders struggled to create new comprehensive security policies and keep up with securing their data in new cloud environments.
How have COVID and WFH made it Difficult for Healthcare to Meet Security Compliance Standards?
In the event of the mass acceleration to incorporate cloud infrastructures, doctors, accountants, back-office staff, and other personnel started working from home. At the same time, hospitals were flooded like never before from the pandemic.
The number of spaces to secure increased exponentially. CISOs and CIOs had to shift their IT and security strategies to cover Telehealth platforms apart from protecting legacy technologies like pacemakers and various other medical equipment. In addition, the adoption of new Telehealth software required quickly educating medical personnel, who aren’t built to be tech-savvy, on using the software securely.
Simultaneously, healthcare security and IT teams were burdened with setting up the new cloud infrastructure, taking bandwidth away from monitoring the space and detecting abnormalities. All of this caused an overload situation, leaving the sector remarkably vulnerable to breaches.
How can Healthcare CISOs and CIOs change their IT Strategy based on Newly Added cloud-based Applications?
While the modernizations are great for the industry, many healthcare companies likely expanded more than they needed to, resulting in more vulnerabilities.
To mitigate risks, healthcare leaders can:
- Reduce the landscape of cloud applications
Limiting overlapping technologies is easy, and it makes a big difference. If you have installed one video conferencing system and are thinking about experimenting with numerous others to find which one suits your needs best, you should try keeping the one. That way, you’ll have only one platform that you need to defend and that your staff needs to become familiar with.
- Focus on the weakest link
People tend to fall for things like phishing scams, and one-third of all breaches are linked to phishing. You can prevent these types of issues and know who is vulnerable within your workforce. By lightly monitoring for insider threats using user behavior analytics, you’ll be able to spot if and when employee accounts are being taken over.
- Automate wherever possible
For years, cybersecurity has been tackled using DIY tools. The problem with DIY-type software is that it takes months to set up and requires lots of data plumbing, normalizing, triangulating information, running queries, establishing baselines, and identifying trends before any real insights can be drawn from data. Big healthcare companies can especially fall behind on staying up to date with what’s happening, especially when assessing vulnerability when the news broadcasts new cyberattacks daily.
Automation can triangulate vulnerabilities and take care of the entire data plumbing process while instantly providing visibility with the full context in a consolidated view.
Most leaders think they have to do everything at once, but focusing on the weakest link, people, and endpoints you have in the cloud should lead you down the right path to protecting your organization.
Check out this discussion with Fletch’s CEO and Founder, Grant Wernick, to learn more about healthcare and cybersecurity.
If you are interested in learning about how Fletch helps support healthcare providers, please contact us at uba@fletch.ai or sign up for a demo on our website.
