Healthcare has long been a key target for cyber criminals. But in 2020, the COVID-19 crisis put an additional, incredible strain on the industry. Fady Younes, Cybersecurity Director, at Cisco Middle East and Africa shares the impact COVID-19 has had, and continues to have on healthcare security. 

What are the main cyberthreats that target the healthcare industry?

Unfortunately, the complexity and challenge to secure healthcare is daunting. Like any industries, healthcare faces threats ranging from phishing and malware propagation, to identity theft, insider threats and more.

In addition, we must factor in the rising number of connected devices within healthcare networks, and more devices requiring network connectivity. Data from IoT and connected medical devices requires secure and segmented networks to better protect medical devices, guest wireless devices, clinician devices and more from cybersecurity threats.

Cybercrime has not stopped or slowed because of the global pandemic. Just last month, several of South Africa’s leading hospitals and healthcare organizations shared that they had been targeted by cybercriminals during the pandemic.

Healthcare has the highest average cost per breach of any industry today, averaging $6.54 million.  Cybersecurity is top-of-mind for healthcare leaders as they scramble to secure network, web, and endpoint connections. The goal is to achieve more holistic cybersecurity strategies for our healthcare providers, which ensure that sensitive patient data and virtual connections are secure.    

What do health organizations need to do to protect from this variety of risks and threats?

Healthcare organizations are under great pressure to protect digital assets, intellectual property, financial information, and patient records. And we should remember that a healthcare organization that has been the victim of cybercrimes may lose trust and loyalty amongst their patients, insurers, and clinical partners.

Therefore, healthcare providers need an integrated, unified, end-to-end security portfolio that keeps people, data and systems secure by addressing patient privacy requirements, improve threat detection, and reduce management complexity, ultimately saving time, money and putting the emphasis back on care delivery.

Top capabilities of a well-rounded security portfolio include:

• The ability to identify all endpoints on the network, categorize each to a security posture, and create profiles and policies by device type and vendor
• Proficiency in quickly identifying, isolating, and remediating cyber attacks
• Controlling access to patient data at the device, location, and user level to minimize risk
• Leveraging analytics and clinical informed alerts, enabling IT to reduce security risks to the entire network, while troubleshooting a known issue in an isolated segment

What does a good cybersecurity strategy for healthcare organizations look like?

With the shift to remote working, heightened demand for telehealth and virtual care, and more devices and connections on the network, there has never been a more critical time to address the cybersecurity strategy within a healthcare organization.

Cisco conducted a fully anonymous survey of over 4,800 active IT, security, and privacy professionals around the world – of whom 281 respondents represented healthcare organizations.

Of the healthcare participants surveyed, 51.2% felt that they were meeting compliance regulations, 49.1% said they are gaining executives’ confidence in the security program currently in place, 45.9% said they were successfully avoiding major incidents and 43.8% said they were managing top risks.

When it came to defining the strategies that help enable successful security outcomes within healthcare organizations, the survey looked at three categories – enabling the business, managing risk, and operating efficiently.

To enable the business, healthcare organizations noted that a proactive technology refresh plays a significant role in success. Those who let their infrastructure degrade and only update when things break showed significantly reduced rates of success in enabling the business.

For managing risk, proactive technology refresh was again in the top three strategies. Other strategies for success include timely incident response and prompt disaster recovery.

Lastly, in the category of operating efficiently, the top success strategy was the end-to-end integration of the security solutions and the effective use of automation.

So, what we can gather from this report is that organizations who take a proactive approach to defining their cybersecurity strategy and maintaining security posture, alongside constantly updating, and upgrading their technology have greater success than those who do not.

What opportunities do you believe could continue to evolve within the healthcare industry?

While the pandemic has brought tremendous devastation, a few positive innovations have emerged, and the use of critical technologies has no doubt accelerated. 

Patients and providers now have expanded access to virtual care, which includes applications like Webex for telehealth, population health management, administrative collaboration, care team coordination, and family visits. Virtual care technology makes healthcare more accessible for all people, regardless of their physical location or access to specialists and care providers. For providers, virtual care can help minimize burnout and decrease exposure risk, while enabling them to continue delivering care to patients.

The need to do more with less has also driven innovation in delivering location services in clinical environments.  Clinical workflows are more complex now, and it is more important than ever to quickly locate medical devices and equipment.  

With the increased adaptation of cloud security, and identification and authentication solutions, investments in infrastructure can now enable a more seamless and secure world of remote working. This has also opened up new possibilities for the rollout of telemedicine services, which local healthcare authorities have implemented to accelerate response times, while safeguarding the wellbeing of patients and practitioners alike. Furthermore, with new technologies leveraging location data, healthcare services can ensure greater clinical operational efficiency, improved patient throughput capabilities, and active monitoring of asset utilization.