Wednesday, January 15, 2025

Understanding the Top Cybersecurity Threats to Healthcare Organizations

The following is a guest article by Ty Greenhalgh, Industry Principal of Healthcare at Claroty.

Cybersecurity in the healthcare sector faces persistent challenges despite increasing awareness and the implementation of targeted guidance, such as the HHS Healthcare and Public Health (HPH) Cybersecurity Performance Goals (CPGs), which are nearing their one-year mark. The urgency to translate this guidance into actionable strategies has never been higher. While progress has been made, many healthcare organizations remain vulnerable to critical threats. Social engineering, Internet-facing devices with Known Exploited Vulnerabilities (KEV), and third-party risks continue to dominate as the primary concerns. These risks jeopardize not only patient safety but also the continuity of essential healthcare services, underscoring the urgency of adopting proactive and comprehensive cybersecurity measures.

Deceptive Attacks: The Social Engineering Challenge

Social engineering, particularly phishing, remains one of the most effective tools for cybercriminals targeting healthcare organizations. Phishing attacks exploit human vulnerabilities, deceiving employees into granting unauthorized access to sensitive systems or data. While phishing is a long-standing threat, attackers are increasingly leveraging direct exploitation of vulnerabilities. The 2024 Verizon Data Breach Investigations Report (DBIR) demonstrates a recent increase in direct vulnerability exploitation with a comparable decrease in broad phishing attacks, making attacks more targeted, sophisticated, and harder to detect.

Healthcare organizations must bolster their defenses against these threats. Measures like implementing multi-factor authentication (MFA), encrypting sensitive data, and enhancing email security through advanced phishing detection tools are critical. Despite these efforts, the 2024 Claroty State of CPS Survey reveals persistent gaps, with 26% of healthcare organizations lacking Threat Detection and Response via OT-specific Security Operations Centers (SOCs) and 56% failing to utilize threat intelligence for Cyber Physical Systems (CPS).

The Weak Link: Internet-Facing Devices with KEVs

The proliferation of CPS devices, including medical and IoT systems, has expanded the attack surface for healthcare organizations. Internet-facing devices with Known Exploited Vulnerabilities (KEVs) present a significant risk. Claroty’s analysis of 20 million medical devices underscores the severity of the issue, revealing that 72% of imaging systems are internet-connected with at least one KEV, and 32% operate on outdated systems. Alarmingly, 45% of CPS devices remain internet-connected, offering a direct path for attackers.

Addressing these vulnerabilities requires healthcare organizations to adopt regular software updates, implement network segmentation to contain breaches, and enforce strict access controls. However, only 66% of healthcare organizations integrate risk assessment into their vulnerability management programs, leaving critical weaknesses unaddressed.

A Fragile Ecosystem: Third-Party Risks in Healthcare

The reliance on third-party vendors for data sharing, maintenance, and operational support introduces additional cybersecurity challenges. Incidents like the Change Healthcare attack illustrate how third-party vulnerabilities can have cascading effects on healthcare organizations. The statistics are concerning, with 82% of healthcare organizations reporting attacks originating from third parties, and 45% experiencing five or more third-party-related attacks within a given period.

Mitigating third-party risks requires implementing strict access controls to limit third-party access, continuous monitoring of partner activities to detect anomalies, and conducting regular risk assessments to evaluate the cybersecurity posture of vendors. Despite these strategies, 75% of organizations face significant challenges in controlling partner-managed sub-systems, indicating a pressing need for more robust and enforceable solutions.

Securing the Future of Healthcare Through Proactive Cyber Defense

Cybersecurity threats in the healthcare sector remain a pressing concern, with social engineering, internet-facing devices with KEVs, and third-party risks presenting significant challenges. While targeted guidance such as the HHS’ HPH CPGs offers a pathway to improved defenses, the healthcare industry must act decisively to implement these measures. By leveraging the Essential Cybersecurity Practices outlined in the CPGs, healthcare organizations can strengthen their resilience against cyberattacks, safeguard patient safety and data privacy, and ensure the continuity of essential healthcare services. It is imperative that healthcare leaders view cybersecurity not as an ancillary concern but as a foundational component of their operational integrity.

About Ty Greenhalgh

Ty Greenhalgh is the Industry Principal of Healthcare at Claroty and an “Ambassador” with the HHS 405(d) Task Group, contributing to the development of HPH-CPGs and the Landscape Analysis. Additionally, he serves as a member of the HSCC Cyber Working Group. He played a pivotal role in introducing several Best-in-KLAS Healthcare AI solutions like OCR, NLP, ML, and speech-based AI solutions, all of which significantly advanced healthcare operations and hospital profitability.


