Confronting Risk and Exposure in Healthcare

July 15, 2021
Vectra AI Security Research team

The technology used in patient treatment for the betterment of our health has been undergoing a huge transformation for some time. This transformation has made it easier for healthcare providers to customize care around patient needs through:

  • Advances in mobile technology
  • Smaller and more portable medical devices
  • Greater portability and accessibility of digitized patient records

The rapid and widespread deployment of new, innovative medical technologies and use of the cloud have prompted the healthcare industry to become one of the fastest adopters of Internet of Things (IoT) devices, also known as the Internet of Medical Things, or IoMT.

But there’s a downside to fast expansion of a digital footprint. The rapid growth of medical devices and the move to the cloud are fueling an unprecedented volume of healthcare data about all of us, and most of us are unaware of how our data is being stored and used.

This vast amount of data, coupled with the need for fast, easy access to ensure 24/7 healthcare delivery, has created an ever-expanding attack surface that can be exploited by cybercriminals.

Risk and exposure

Healthcare IT security teams are often kept in the dark and behind the curve when it comes to changes in device usage. For example, new IoMT devices are often connected to the network without informing IT security teams.

And with the global pandemic, the migration to the cloud has been accelerated to support remote work requirements and telemedicine.

Furthermore, gaps in IT security policies and procedures make it easier for healthcare staff to make unintentional errors that result in exposure and increased security risk. This can take the form of improper handling and storage of patient files, which is a soft spot for cybercriminals in search of weaknesses to exploit.

Attackers intent on stealing personally identifiable information (PII) and protected health information (PHI) can easily exploit this vulnerable attack surface and disrupt critical healthcare delivery processes.

Reduce your time to discovery

When you factor in the time it takes a lean security team to discover a data breach, it becomes apparent that healthcare organizations must be more vigilant about what happens inside their networks.

It’s critically important to know the difference between an attack in progress and network traffic that is associated with business as usual. It’s unacceptable (and embarrassing) to find out weeks, months or years later that a breach occurred.

The answer lies in 360-degree visibility inside the network, real-time attacker detection, and the prioritization of all detected threats—from cloud and data center workloads to user and IoT devices.

Here are four ways you can get there:

  1. Eliminate the manual, time-consuming work of security analysts
  2. Lower the skills barrier needed to hunt down cyberthreats
  3. Consider that everything is connected, which makes for an easy target
  4. Provide visibility inside the network to see attackers and what they’re doing

This is the fundamental approach advocated by a growing number of healthcare organizations. Many are augmenting their security teams with artificial intelligence to automate the detection and triage of cyberattacks in the network while speeding up incident response. It’s a battle that’s been won by many healthcare organizations.

Spotlight Report on Healthcare

For our own observations, see our Spotlight Report on Healthcare, which reveals behaviors and trends as the COVID-19 pandemic accelerated the transition to the cloud and an increase in telemedicine.

The proliferation of medical IoT devices, the accelerated move to cloud, and insufficient access controls and legacy systems have created a massive and vulnerable attack surface that can be exploited by cybercriminals. If you'd like to see Vectra in action, take a tour.