A new approach to healthcare cybersecurity
In recent years, digital transformation has conspicuously changed numerous industries, reshaping everything from retailing to manufacturing — including healthcare. Like many other industries, the healthcare sector was compelled to rapidly adopt a combination of remote and distributed work, supported behind the scenes by an array of digital healthcare technologies.
While these technologies created new benefits and efficiencies, they also expanded the healthcare sector’s attack surfaces, offering threat actors opportunities to breach important digital infrastructure. Cybercriminals have exploited these opportunities to devastating effect, ransoming hospitals and entire healthcare systems by shutting down critical functions, including medical records and billing.
Historically, many industries largely relied on government regulations to protect against security threats. While compliance does not equate to security, adhering to an official checklist of mandates gave many an acceptable (perhaps perceived) baseline level of protection. Yet the speed and sophistication of today’s threat actors have made clear that the public sector too often falls far behind the pace of change. To protect themselves against current and future cybersecurity threats, organizations must become individually responsible for testing and validating their cybersecurity programs, adopting proactive rather than reactive security postures.
Healthcare’s changing threats
Today’s healthcare sector faces several particularly concerning cybersecurity challenges, including noteworthy increases in the volume, sophistication and variation of attack methods that have made their way into the wild. In addition to ransomware attacks for monetary gain, the industry has seen attacks designed purely for disruption and others focused on compromising user data, with the quantity and complexity of new threats exacerbating already challenging security gaps.
Cybercriminals have recently leveraged indirect supply chain attacks to disrupt companies well beyond their initial targets. Late last year, a ransomware attack on HR and payroll vendor Ultimate Kronos Group (UKG) led to widespread payroll issues at several health systems, adding one more stressor for employees already impacted by the COVID-19 pandemic — and spurring employee lawsuits this year against UKG’s customers.