Check Point Software is warning the healthcare sector that it needs to urgently increase its cyber security defenses this World Health Day. Recent data from the company reported that the industry has experienced a 78% year-on-year increase in attacks, with an average of 1,426 attempted breaches per week, a concerning statistic given the criticality of health services. Here in India, the healthcare industry is one of the most impacted industries, with 4,805 weekly attacks per organization compared to 1,485 weekly attacks globally over the last six months according to Check Point’s Threat Intelligence Report.
In its latest Security Report, Check Point identified that this hyperfocus on disrupting our national infrastructure stems not only from the appeal of gaining access to our most sensitive data and medical records, but also the guarantee of media coverage. Both factors put victims under immense pressure, increasing the likelihood that a high ransom fee will be paid.
Over the last year, we have seen the impact that an attack can have on a healthcare provider. For example, in India, five servers of the All-India Institute of Medical Sciences were affected by a cyberattack and an estimated 1.3 terabytes of data was encrypted. This attack was a part of the nearly 1.9 million cyberattacks recorded on the Indian healthcare industry last year. After the AIIMS attack, hackers continued the onslaught with attacks on Safdarjung Hospital in New Delhi, which was also hit by a cyberattack in November, but its system were quickly restored no reports of compromised data. It cannot be overstated that when it comes to cyberattacks such as these, it is a matter of life and death. In fact, a survey conducted by the Ponemon Institute found that more than 20% of healthcare organizations reported an increase in patient mortality rates after experiencing a breach.
The healthcare sector is vulnerable for several reasons. Firstly, the increased sophistication and quantity of cyberattacks is not a threat these companies are set up to deal with. Many hospitals rely on a blend of old and new technologies, most of which are either not directly managed or forgotten due to improper documentation. This problem has only increased over time as more IoT and medical devices are added, despite rarely being built securely by design and worrying not being actively managed by the IT team. The current cybersecurity skills shortage also means there's a lack of expertise to help manage this widening attack surface.
Despite these challenges there are technologies and strategies that can help protect healthcare providers. Here are five key elements that every organisation should follow to ensure maximum security:
Communication: 'a chain is only as strong as its weakest link'. Companies need to educate employees on how to stay secure. If not properly managed, any device that has access to a network is a gateway for cybercriminals to all connected devices. This problem has multiplied with hybrid and remote working practices and a proliferation of personal mobile devices being used to access medical data in email and Microsoft 365
Visibility and segmentation: it is impossible to successfully secure a network without understanding all the assets it contains. Having a comprehensive view, including cloud and data center assets, will expose any weaknesses, such as possible unpatched security updates or devices that have outdated firmware. Once the network is mapped, strategies such as segmentation can be implemented, which creates virtual internal barriers that prevent cyber attackers from moving laterally and causing widespread damage.
Consolidated security is now a must have: with email continuing to be the #1 threat vector, followed closely by vulnerabilities and misconfigurations, a strategy of implementing multiple single-point solutions is no longer adequate protection. Security operations need full end-to-end visibility, less false positives, and absolute confidence that all vectors have the same elevated level of shared threat intelligence and prevention-based security, ensuring that every potential threat is covered.
CISOs must do their part: the role of a CISO is to ensure that executive management has a clear and articulate understanding of the risks an organization faces. Their job is to make these points clear in a language that is easy to understand for all positions, as well as to explain the business consequences of weak security. If there is a general lack of communication between CISOs and the business, that must change to better secure critical services.
Collaboration is key: companies in all sectors need to elevate their cybersecurity programs, but they cannot do it alone. Security vendors need to work together to create unified cover against threats, and a unified regulatory body should be adopted to help implement standard practices and reduce disparities in cybersecurity spending.
"Many healthcare organizations have good risk management in place but lack a consolidated, collaborative and comprehensive strategy that offers true cybersecurity resilience. The threat level continues to grow, and the consequences can only get more serious" explains Sundar Balasubramanian, Managing Director, India & SAARC region, Check Point Software Technologies. "Such attacks can not only disrupt operations for these healthcare organizations but lead to loss of lives if services are prevented from being delivered. It is necessary to have solutions to take immediate action, but, above all, to ensure prevention of such attacks in the first place, rather than just detection".