Gavin Wilson from Forescout explains why the healthcare industry should consider network segmentation as a means of bolstering cyber security protections without placing more pressure on the workforce.
Australia’s healthcare sector suffers more data breaches than any other industry, accounting for 18 per cent of all breaches according to the latest OAIC Notifiable Data Breaches report. In an industry that is rapidly digitising, the amount of personal information stored and transferred electronically is increasing exponentially, opening new channels of attack for cyber criminals who are looking for new weak spots to exploit.
Unfortunately, with the ongoing challenges Australian healthcare providers are already facing, the business disruption these data breaches cause is a headache healthcare systems simply cannot afford.
The challenge is clear: Australia’s healthcare sector must develop more robust and dynamic cyber strategies if it is to stay ahead of the quickly expanding global threat landscape.
A breakdown of healthcare’s cyber threat landscape
Cyber security breaches are almost always a result of compromised or stolen credentials with 88 per cent of all attacks using this methodology, according to the latest OAIC Notifiable Data Breaches report. In the case of healthcare organisations, their use of highly interconnected networks across a range of devices makes them an easy target for attackers to gain full access across unmanaged flat systems. Attackers often enter through traditional IT devices, behaving as if they were a part of the organisation to eventually move laterally across networks and launch malware, steal data, and otherwise compromise systems.
While overlooked misconfigurations on medical devices leave them highly vulnerable to attacks, organisations can also do nothing wrong and still be exposed to cyber attacks due to Software Bill of Materials (SBOM) vulnerabilities. A perfect example of this is the Access:7 Vulnerability, which was recently discovered and disclosed by Forescout Technologies, revealing a whole new level of threat to the healthcare system.
This vulnerability could enable hackers to remotely execute malicious code, access sensitive data or alter configurations on medical and IoT devices running PTC’s Axeda. Over half of the affected device vendors belonged to the healthcare industry (55 per cent), followed by almost a quarter (24 per cent) that developed IoT solutions. The vulnerabilities were also found most often in medical imaging (36 per cent) and laboratory (31 per cent) machines, proving the extent to which hackers can exploit critical operations.
Access:7 has shown that the potential impact these cyber threats have on healthcare systems is significantly increasing. This, coupled with the fact that healthcare staff are already heavily under-resourced and on the back foot from the pandemic, has created the perfect storm for the industry. Due to the limited capacity of frontline workers to learn new processes and systems, there is little they can do to assist in preventing these attacks. Overhauling their entire interactions with technology isn’t feasible and would lead to significant disruptions and growing pains for the entire workforce, which is not something that can be sacrificed when dealing with clinical care.
A solution is needed that requires minimal onboarding for both healthcare and IT workers to ensure the day-to-day operations of clinical care continue undisrupted and that current and future cyber threats are addressed.
The case for segmentation
Network segmentation is a primary risk-mitigating strategy against current cyber security threats. For IT and security teams within the healthcare sector working to protect their network while ensuring continuity of care, segmentation is the best-suited approach. It can protect networks against ransomware and other threat actors, and against compliance fines or the theft of confidential patient information. It also limits the blast radius of a compromise, so that other systems keep running and business continuity and patient care are not disrupted.
While this offers several advantages, there is a perception among healthcare bodies that segmentation could cause too much disruption to essential clinical care, or that it requires increased specialised implementation skills. Of course, most healthcare organisations could use more people power in IT teams to govern their networks. Yet with segmentation, automated cyber security helps bridge this gap to alleviate pressure on staff. Applying automation to connected devices avoids overwhelming security teams with alerts and reduces the need to manually move devices that generate abnormal network traffic or configurations. Having this in place connects multiple teams and systems into a unified, automated policy mechanism which operates across the entire network, significantly increasing effectiveness and efficiencies while also keeping patient care undisrupted.
With healthcare workers clearly under severe pressure, adding cyber security to their list of responsibilities is not a practical solution, and could be detrimental to their patients’ wellbeing. Implementing segmentation offers a solution which requires minimal change to routine for frontline health workers. The solution addresses the severe cyber threats continuously impacting the industry and helps implement practices that are secure across networks, while also maintaining continuity of care.
Gavin Wilson is the regional director ANZ at Forescout.