How to Win the Cybersecurity Battle in Healthcare

Chris Morales
October 20, 2020

Over the years, I’ve learned a few things about cyberattacks in the healthcare industry:

  1. The real threat is already in healthcare networks in the form of privileged access misuse.
  2. The growth in healthcare IoT devices is overwhelming and dangerous.
  3. A majority of attacks occur due to negligence, misuse and a lack of security awareness by insiders.

By default, a lot of people have access to patient medical records. This makes it very easy, and perhaps a bit enticing, for some to take advantage of the situation. Internal actors are largely responsible for healthcare data loss. I’m talking about employees who access patient data out of curiosity or to commit identity fraud. Apparently, it is the only industry where this occurs at such an alarming rate. While everyone else worries about cyberattacks from someone they’ve never met, security professionals in healthcare worry most about the people they talk to in the break room.

Even worse, motives seem to be a mix between financial gain – patient records are the most valuable form of digital personal data – and simple curiosity. The curious want to know what’s going on with others and the information is there for the taking.

Love affair with IoT devices

The ongoing proliferation of the internet of things (IoT) in the medical industry doesn’t help either. These medical devices produce massive volumes of data about every patient who comes through the door, and most healthcare organizations don’t have a way to track what or where those devices are.

IoT might be the easiest target for attackers. There are lots of them, no one is watching and security is nonexistent. We’ve seen attacks evolve from authenticating through default admin passwords and using IoT for botnets to the outright destruction of IoT devices by wiping their drives. Granted, wiped devices can be restored, but the impact is far greater if those devices deliver critical care.

Recurring challenges

There is a recurring set of challenges based on the feedback we get from our healthcare customers.

  • Lack of security professionals – One person can only do so much in a day. Healthcare security professionals are often tasked to do more than is humanly possible.
  • Lack of money – Hiring more people is tough because healthcare organizations have lean budgets. They are tasked with finding operational efficiencies and doing more using what little they have.
  • Lack of visibility – Lots of IoT devices, coupled with the free flow of patient data in the network, create massive internal blind spots about what’s happening. The biggest threat is inside the network, where perimeter security is blind.

Reduce the time to discover threats

When you factor in how long it takes to discover a data breach, it suggests that healthcare is losing the battle. It’s not acceptable to find out weeks, months or years after a breach occurs. I believe the answer lies in 360-degree visibility inside the network – across cloud, data center, IoT, and enterprise networks – as well as real-time attacker detection and the prioritization of all detected threats so you know where to start.

However, that answer must address the challenges I mentioned earlier. Here are four ways to get there:

  1. Eliminate the manual, time-consuming work of security analysts through automation and prioritization of detected threats.
  2. Lower the skills barrier needed to hunt down cyberthreats.
  3. Consider that everything is connected, which makes for an easy target and a huge attack surface.
  4. Provide visibility inside the network to see attackers – where they are, what they’re doing, and the compromised hosts and workloads they’ve exploited.

This fundamental approach is advocated by a growing number of healthcare security professionals. Many are augmenting their security teams with AI-derived machine learning models to automate the early detection of cyberattackers, speed up incident response, investigate conclusively, and hunt more efficiently for threats.

It’s a battle that has been won by many healthcare organizations and the idea is gaining momentum.

October is Cybersecurity Awareness Month. Secure your network and reduce your business risk with network detection and response (NDR). If you want to see how, schedule a demo.

About the author

Chris Morales

Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
