Following reports that, in Q2 2022, Kroll observed a 90% increase in the number of healthcare organisations targeted in cyberattacks in comparison with Q1 2022, with ransomware helping to fuel this uptick (https://www.
"The healthcare industry may be the most vulnerable of all industries to cyber-attacks because they have access to huge amounts of personal and sensitive data on a lot of individuals. As a result, the security challenge for healthcare operators is extremely difficult, especially when data is stored in different locations and accessed through various technologies. A data-centric security approach should be taken by institutions to reduce the risk of a data breach. We may be seeing a shift in approaches from ‘secure the technology’ to ‘secure the data,’ which will reduce the threat of data loss and exposure when (not if) a cyber-attack happens.
If healthcare providers explored a data-centric security approach they could pro-actively protect their data against breaches instead of playing constant catch up in terms of addressing the many different root causes that can lead to cyber incidents. Focusing on infrastructure, perimeter and intrusion detection is a losing battle since these measures only protect you from the threats you know about and don’t offer any protection once compromised or circumvented. Adopting a data-centric security model allows for the data to be protected as it is acquired and traverses through the organization and, if an attacker gains access through the perimeter, then the risk that the actual personal data will be exposed is dramatically reduced."
Stephane Konarkowski, Senior Security Consultant at Outpost24, explains further:
"Naturally, healthcare providers have seen a significant increase in their digital footprint by moving online, however, this has put much of their external attack surface at risk. For example, many of the applications in use are often not tested and monitored on a regular basis for security exposure, leaving them open to vulnerabilities and the prying eyes of cyber criminals.
In fact, our research found, nearly 80% of pharma manufacturers had an external attack surfaced that was considered ‘critically exposed’, while 90% of web applications used by US healthcare operators are “highly
Understand that any data breach or system downtime could be fatal for any institution within healthcare. With the rise in ransomware and other cyberattacks, security hygiene must not be ignored. Therefore, taking a proactive stance to identify and mitigate potential security issues before critical care can be impacted is vital in order to protect patients and maintain compliance for data and privacy regulations”