By Antoine Korulski, Product Marketing Manager, Infinity architecture
∙ The Healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware.
∙ 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; Gartner concluded that having too many security vendors results in complex security operations and increased security headcount.
What is the most effective way to achieve cyber resilience? Do you consolidate your security or adopt a best-of-breed vendor approach? It’s a long-debated topic within IT circles, with each option offering viable technical and business arguments. As a CISO, every conclusion you come to will impact your cybersecurity effectiveness for years to come.
A recent survey by the Ponemon Institute stated that more than 20 percent of healthcare organizations reported increased patient mortality rates after experiencing a significant cyberattack, and another 57 percent said they experienced poor patient outcomes. Additionally, the study identified four common types of attacks: cloud compromise, ransomware, business email compromise/phishing, and supply chain.
Successful cyberattacks on healthcare organizations can be disruptive and even deadly. In this post, we use the healthcare industry to illustrate how a consolidated security approach can best address your organization’s security gaps.
Healthcare organizations heavily targeted
Check Point Research (CPR) reported that on average the healthcare sector experienced 1426 weekly attacks, a 60 percent increase in 2022 over the previous year. Some of the most high-profile attacks have targeted healthcare organizations. In recent weeks, it was reported that the National Health Service (NHS) had suffered an attack and that several services, including NHS 111, some urgent treatment centers, and some mental health providers, were taken offline. The ransomware attack targeted a software supplier for 111 telephone advice services, GP surgeries, and some specialist mental health trusts.
Figure 1: Top 3 targeted industries. Attacks on healthcare grew 60% YoY.
Deryck Mitchelson, Field CISO at Check Point, said that the NHS service’s threat landscape has grown significantly, with the increased likelihood of major cyberattacks at any time.
Today’s ransomware economy is a complex operation extorting millions of dollars per ransom, holding entire organizations captive under the threat of a total system shutdown. As a business model, Ransomware-as-a-Service (RaaS) has brought low-cost affiliate programs that let any criminal get involved. In one recent case, a cyberattack on a major Paris hospital was described as “diabolical.” A wide range of IT systems were paralyzed, and the threat actor demanded $10 million to unlock them and threatened to release patient data. In the attack’s aftermath, hospital staff struggled to provide emergency services, and patient data and prescriptions had to be handled manually.
When exploring why this particular industry seems to be so heavily attacked, one of the key reasons could be the massive amount of sensitive and confidential patient information collected, which could be worth millions to attackers via blackmail or specific attacks on individuals. A case in point was the recent breach at Medibank, Australia’s largest health insurer, where hackers who stole customer data also released a file of pregnancy terminations.
With increasing digitalization across every industry, healthcare is also facing an explosion of IoT and medical devices such as insulin pumps and defibrillators, which opens up more entry points for attacks. Security was not a primary concern in the design of such devices, many of which sit on flat networks and are not managed by the digital and security teams. Attackers are also aware that hospitals and medical centres cannot tolerate downtime or medical systems that do not work, as this affects not just their reputation but also places lives at stake. Coupled with limited funds for cybersecurity (with a preference for spending on medical supplies and improving medical systems) and a lack of cyber education amongst healthcare workers, this means that the healthcare industry will continue to see cyberattacks for some time to come.
Besides ransomware attacks, healthcare organizations – in line with every industry – can expect to experience a vast array of attack methods, including phishing, various botnet attacks, distributed denial of service, and more.
The challenges of the healthcare system’s multi-vendor environment
Healthcare facilities such as hospitals, clinics, labs, and other medical environments offer a broad and complex attack surface. These facilities include networks, cloud infrastructure, desktop and mobile endpoints, as well as network-connected IoT devices. The latter are sensor-driven medical devices that track and monitor in real time, and most are not designed with security in mind.
Healthcare providers’ dynamic environments also introduce complex layers of user types and access privilege levels that can make sensitive personally identifiable information (PII) and other medical data ripe targets for cyber thieves. The cost of a breach in the healthcare industry went up 42% in the past 24 months. For the 12th year in a row, healthcare had the highest average data breach cost of any industry, with the average total cost of a breach ballooning to $10.10M. (Source: IBM and CPR)
Given the facts, is security consolidation a viable option for healthcare professionals? If so, how will it enhance an organization’s security posture, improve security operational efficiency, and reduce TCO (Total Cost of Ownership)?
In their CISO Effectiveness Survey, Gartner reported that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more. They concluded that having too many security vendors results in complex security operations and increased security headcount. Eight percent of respondents saw vendor consolidation as an avenue for a more efficient security strategy. Where IT budgets are often constrained, the question arises: How do healthcare CISOs deal with the bloat of security products?
Consolidation is a big desire from customers—possibly a response to the tool sprawl that we mentioned earlier. There is a feeling in the market that there might already be too many companies, so it’s not just about more innovation but also building integrated platforms so customers can go to one place and get more baskets of services.
Healthcare depends on innovative solutions and services, and any disruption can endanger lives and livelihoods. What actions can CISOs take to better ensure the protection of their organizations?
One answer is to consider the use of a consolidated security platform designed to guard against today’s critical zero-day and fifth-generation threats across the network, cloud, IoT, and endpoints. Consolidation also cuts complexity and so reduces cyber risk, a trend Check Point Research foresaw in its 2023 predictions. With the cyber-skills gap growing by over 25% in 2022, and organisations having more complex, distributed networks and cloud deployments as an outcome of the pandemic, security leaders need a consolidation strategy to simplify their security operations, provide full end-to-end visibility and improve their defences. Without this, threat actors will continue to exploit weaknesses and vulnerabilities.