Topic: Healthcare’s Biggest Cybersecurity Blind Spots and Misconceptions

While awareness of the threats facing the healthcare sector has improved, providers have inherent blindspots and misconceptions leaving them exposed to a host of cybersecurity risks.

Threat actors are moving at a drastic pace and with stealthy tactics able to hide their activities from system administrators. The truth is that healthcare is struggling with some massive cybersecurity blindspots and misconceptions, making it extremely difficult to keep pace.

Data exfiltration and extortion was once seen as a rare worst-case scenario, but now it’s occurring in the majority of ransomware attacks. Meanwhile, reports show an increasing number of attacks targeting a range of newly disclosed vulnerabilities, along with legacy security gaps that administrators have overlooked and failed to patch.

A brief look at the four zero-day vulnerabilities in Microsoft Exchange and the ease in which advanced persistent threat actors are actively exploiting the flaws highlight the ever-bleak threat landscape and the need for highly advanced cyber posture.

And as the supply-chain attacks against Accelion’s File Transfer Appliance (FTA) and SolarWinds Orion demonstrate, just one hack can have a dramatic, rippling effect across multiple entities.

On the whole, healthcare has always been behind the curve in terms of resources and, in previous years, awareness was lacking. Breaches are commonplace in the sector, but many are caused on the whole, not by a lack of security – but the struggle to keep pace.

Though the tides have somewhat shifted, and it appears most understand that the threat is real and data breaches are nearly inevitable, what’s holding back the sector from a more effective defense strategy?

For Mitch Parker, Indiana University Health’s executive director of information services, the three major gaps not being addressed in healthcare are supply chain security, organizational integration, and physical security.

“In general, healthcare needs to do a better job communicating between siloed areas, specifically facilities, physical security, pharmacy, revenue cycle, environmental services, and even areas such as gift shops,” Parker explained.

“These operational areas all work from the same physical locations,” he added. “We can’t do our job of securing the environment without working together and coordinating our efforts so that we can develop plans to secure what is currently being used, and then developing plans to install more secure products.”

It’s not enough to tackle just one element, like EHR, API, or application security and think the task is done, he added. Instead, providers should examine the complete list of customer needs, then develop a plan to address those areas.

Topic Discussed: Healthcare’s Biggest Cybersecurity Blind Spots and Misconceptions

Read Original Article