By Tamer Baker
Throughout the pandemic, the healthcare industry has been experiencing another epidemic: ransomware.
Cybersecurity teams have been rushing to respond to these relentless threats by implementing new controls and products. Although most say they want to automate, they either lack confidence in the products or find that the products' output is not actionable enough to drive an automated response. Consequently, the process of responding to ransomware (and other breaches) remains highly manual and reactive. Healthcare organizations need to improve their cybersecurity posture by automating a more proactive response.
In 2020, the FBI, DHS and HHS warned that ransomware attacks against the healthcare industry were imminent. In retrospect, they were right. According to the Identity Theft Resource Center, ransomware attacks doubled in 2020 and doubled again in 2021. And according to government data, healthcare breaches doubled in the first six months of 2022 compared to the same period in 2021.
In private conversations, healthcare CISOs have confided that they continue to detect communication to Russia even after they have responded to a breach. It can feel like a never-ending treadmill for incident response teams, especially those relying on time-consuming manual processes. This challenge is further exacerbated by the cybersecurity skills shortage. The prognosis for the next few years seems unlikely to improve, which is why it is so critical for healthcare organizations to begin embracing automation today.
Complex systems are more vulnerable
Healthcare organizations face an ever-increasing attack surface that spans a wide variety of cyber assets. Medical devices and operational technology (OT) environments are often incompatible with standard IT processes such as installing agent-based protections, patching, and even vulnerability scanning. Healthcare organizations have embraced IT/IoMT convergence as part of their digital transformation initiatives, but without the proper controls they may lack visibility into the vulnerabilities and risks that have emerged in these complex environments.
Even more mature organizations may be overwhelmed by dozens of IT and security solutions that lack any meaningful integration. They may lack insight into device context or be unable to respond to new threats. Multiple point solutions also tend to produce conflicting data and overload incident response teams and security operations centers with more alerts than they can process. Many of these alerts are false positives or concern risks that have already been mitigated by other means, such as network segmentation.
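The triage step described above, where alerts from unintegrated point tools are merged and then checked against device context before anyone acts on them, can be sketched as an added example. This is illustrative code written for this page, not the author's or any vendor's product. The asset inventory, segment names, tool names and alert signatures are all constructed and hypothetical; the rule that an isolated clinical segment blocks inbound-only exposure is an assumption about the environment, and outbound beaconing is deliberately left open because segmentation does not address it.

```python
"""Added example (not from the article): merge duplicate alerts from several
point tools, then use inventory context to suppress findings that a
compensating control already covers and to flag assets we know nothing about."""
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str            # device class, e.g. "infusion_pump" or "workstation"
    segment: str         # network zone the device lives in
    agent_capable: bool  # whether an EDR agent can be installed at all


# Constructed inventory; device names and zones are hypothetical.
# Assumption: zones listed here accept no inbound traffic from user networks.
ISOLATED_SEGMENTS = {"clinical-devices"}
ASSETS = {
    "pump-01": Asset("pump-01", "infusion_pump", "clinical-devices", False),
    "ws-07": Asset("ws-07", "workstation", "user-lan", True),
}

# Constructed alerts as three point tools might emit them (not real products or
# real vulnerability identifiers). "exposure" is how the issue is reachable:
# inbound (attacker connects to the device), outbound (device calls out), local.
RAW_ALERTS = [
    {"tool": "scanner", "asset": "pump-01", "sig": "legacy-smb-exposed", "severity": "critical", "exposure": "inbound"},
    {"tool": "ids", "asset": "pump-01", "sig": "legacy-smb-exposed", "severity": "high", "exposure": "inbound"},
    {"tool": "scanner", "asset": "pump-01", "sig": "hardcoded-local-credential", "severity": "medium", "exposure": "local"},
    {"tool": "scanner", "asset": "ws-07", "sig": "legacy-smb-exposed", "severity": "high", "exposure": "inbound"},
    {"tool": "edr", "asset": "ws-07", "sig": "legacy-smb-exposed", "severity": "high", "exposure": "inbound"},
    {"tool": "ids", "asset": "mri-03", "sig": "beacon-to-known-c2", "severity": "critical", "exposure": "outbound"},
    {"tool": "ids", "asset": "pump-01", "sig": "beacon-to-known-c2", "severity": "critical", "exposure": "outbound"},
]


@dataclass
class Finding:
    asset: str
    sig: str
    severity: str
    exposure: str
    sources: set = field(default_factory=set)
    status: str = "open"
    reason: str = ""


def merge_alerts(raw):
    """Collapse alerts on the same (asset, signature) into one finding, keeping
    the highest severity any tool reported and remembering every source."""
    merged = {}
    for a in raw:
        key = (a["asset"], a["sig"])
        f = merged.get(key)
        if f is None:
            f = Finding(a["asset"], a["sig"], a["severity"], a["exposure"])
            merged[key] = f
        elif SEVERITY_RANK[a["severity"]] > SEVERITY_RANK[f.severity]:
            f.severity = a["severity"]
        f.sources.add(a["tool"])
    return list(merged.values())


def apply_context(findings, assets, isolated):
    """Suppress inbound-only findings on devices in an isolated segment (the
    compensating control already covers them) and flag assets missing from
    inventory, since their exposure cannot be assessed at all."""
    for f in findings:
        asset = assets.get(f.asset)
        if asset is None:
            f.status = "needs-inventory"
            f.reason = "asset not in inventory; exposure cannot be assessed"
        elif f.exposure == "inbound" and asset.segment in isolated:
            f.status = "suppressed"
            f.reason = f"inbound-only exposure; segment {asset.segment} blocks inbound traffic"
        # outbound and local findings stay open: segmentation does not mitigate them
    return findings


def triage(raw=RAW_ALERTS, assets=ASSETS, isolated=ISOLATED_SEGMENTS):
    """Return findings with open items first, ordered by severity descending."""
    findings = apply_context(merge_alerts(raw), assets, isolated)
    return sorted(findings, key=lambda f: (f.status != "open", -SEVERITY_RANK[f.severity]))


if __name__ == "__main__":
    for f in triage():
        print(f"{f.status:16} {f.severity:8} {f.asset:8} {f.sig:28} "
              f"sources={sorted(f.sources)} {f.reason}")
```

Seven raw alerts collapse to five findings, and only three of those need a human: the pump's outbound beacon, the workstation's exposed service, and the pump's local credential issue. The pump's inbound exposure is recorded but suppressed with the reason attached, and the alert on the device nobody inventoried is surfaced as an inventory gap rather than silently dropped. The point is that the suppression rule is only as good as the inventory and segmentation data behind it, which is why the unknown asset is not allowed to fall through.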