In today’s digital age, the world is more interconnected than ever before. Whilst this presents an opportunity for innovation, it also means that more businesses and individuals are operating online, which in turn, increases the risk of cyber-attacks – as the digital economy expands, so does the opportunity for malicious actors to exploit vulnerabilities in IT systems. In fact, more than 93% of healthcare organisations have experienced a data breach over the past three years – but why is this industry so vulnerable to attacks?

Following the pandemic, adoption of technology within healthcare has soared, and the number of connected medical devices within the Internet of Medical Things (IoMT) is on the rise. However, whilst this growth represents significant opportunity for the industry, IoMT is often extremely vulnerable to cyber-attacks. This is largely because 5G technology increases the ‘attack surface’ for malicious actors, by introducing a whole new class of targets to the internet-connected ecosystem. So how can the healthcare industry protect itself against a complex threat landscape?

Eliminate inherent trust 

As the healthcare industry continues to rely heavily on connected devices, it is essential that trust is earned rather than given freely; all users should be considered a potential threat until proven otherwise. By adopting a Zero Trust framework, it removes the implicit trust often given to traffic within a network and acknowledges that users should always be authenticated and authorised. With many different personnel within a healthcare environment that need to access sensitive data, eliminating inherent trust will help create the security-first culture that is so essential in today’s cyber environment.

Ensure deep observability with SSL/TLS decryption

Covid-19 saw a huge increase in network traffic as many processes moved online. To stay safe from ransomware, it is not enough to rely on end point detection – healthcare IT teams must ensure deep observability across the whole network. This means visibility into east-west traffic (information that travels internally) as well as north-south (data from external sources). This is needed for a number of reasons: the detection of laterally moving threats; compliance with governance standards that mandate data protection; accurate performance measurements; and faster troubleshooting. 

To achieve this level of insight requires inspection of encrypted traffic, especially as many cybercriminals now use encryption to hide their activities. However, healthcare organisations hold such sensitive patient information and data privacy must be a top consideration. By utilising SSL/TLS decryption tools and data-masking, healthcare organisations can reduce cost, protect sensitive patient data and boost security. An SSL/TLS decryption tool decrypts traffic and routes it to security monitoring solutions, maximising the availability and overall capacity of the security devices. The data-masking element alters data so that while it is structurally similar, it remains obscured and cannot be seen or stored. 

What’s more, analysing network traffic for threats can be a resource-intensive task. Firewalls often struggle to keep up with network demands when multiple security features like IPS, URL filtering, and virus inspection are enabled. However, using an SSL/TLS solution can alleviate this strain by offloading processing from the monitoring devices. In turn, uptime and performance will improve. For healthcare organisations in the public sector, optimisation of current technology rather than investing in expensive new solutions will prove essential for keeping budgets low and being able to do more with less.

If IoMT and healthcare technology is to provide the transformational value it is meant to, cybersecurity must be considered from the start. Without visibility into all threats across their network, healthcare NetOps teams will struggle to keep their IT systems out of critical care.

Byline by Ben Johnson, the Regional Director at Gigamon