Safeguarding healthcare supply chains with cybersecurity
Trevor Dearing, Director of Critical Infrastructure at Illumio, has worked on many pioneering technologies, from the early days of Ethernet Switching and VPNs, to modern-day firewalls and virtual networks. In his current role as Director of Critical Infrastructure at global cybersecurity Illumio, he helps organisations in key sectors such as manufacturing, healthcare, energy and utilities, to understand how they can boost resilience and reduce risk with Zero Trust Segmentation.
“Our mission is to make sure that organisations can maintain critical services during an attack. The way that we do this is by containing any attack and preventing the lateral movement of the breach. To facilitate this, we deploy a technology called Zero Trust Segmentation. This is simply microsegmentation using the principles of Zero Trust,” explains Dearing.
The Illumio platform enables organisations to easily visualise traffic flows across all aspects of the organisation to identify assets that are potentially at high risk of compromise.
“Using this knowledge all assets and resources can be simply segmented without the need to reconfigure networks or complex infrastructure,” Dearing continues. “This provides a more agile environment that can more effectively respond to any potential attack.”
Critical gaps in supply chain security
The supply chain remains one of the biggest targets for attackers, particularly when it comes to the software supply chain.
“It’s the easiest way for attackers to compromise systems en masse and to get more bang for their buck,” said Dearing. “In healthcare, one of the biggest gaps in supply chain security is the absence of regular, rigorous, cybersecurity audits.
“Our recent Freedom of Information request to the NHS showed that more than a quarter of Trusts haven't audited their supplier’s cybersecurity measures in the last 12 months. This lack of diligence creates dangerous blind spots, which continues to lead to major security breaches. This year alone, the average cost of healthcare breaches increased to US$11m, a 53% rise in three years.”
Furthermore, many entities within the supply chain continue to rely on outdated security protocols. “While the NHS itself might uphold stringent cybersecurity policies, these standards are not always maintained across the entire supply chain. This inconsistency creates vulnerabilities in external systems and applications like electronic health records (EHRs), IoT devices, and other resources that attackers are all too keen to exploit.”
A Zero Trust security model operates on the principle of ‘Never trust, always verify’, which Dearing describes as a dynamic security strategy for building cyber resilience and assumes that threats can exist both outside and inside the network, thereby eliminating the traditional trust-based approach that only focuses on external threats.
“In Zero Trust, every user, device and data flow is treated as potentially compromised, requiring verification before granting access or permissions. This strategy is particularly vital for healthcare providers like the NHS, where data is sensitive and systems are interconnected. For instance, under a Zero Trust model, each attempt to access different segments of the healthcare network would require separate authentication. A nurse might have access to basic patient data, but would need additional verification to view sensitive test results or financial information.”
According to Dearing, applying this ethos to the supply chain can help healthcare organisations to mitigate potential breaches.
“Zero Trust applies the principle of least privilege to data access and is particularly useful for those areas where you have less control over your security, such as your software supply chain. It ensures that every entity in the supply chain, be it a vendor or a third-party application, undergoes rigorous verification before being allowed access to sensitive information or systems. So Trusts can gain better control over who has access to what data and systems, reducing the attack surface.”
Microsegmentation can also be used to separate different aspects of the supply chain into different segments. This approach becomes especially crucial when dealing with multiple vendors and partners, each with their own level of cybersecurity preparedness.
“Zero Trust makes sure that even if one link in the supply chain is compromised, the threat is contained and doesn't propagate to compromise the entire network,” Dearing adds.
How hospitals can remain operational during a cyberattack
Dearing believes that the only way to build resilience to cyberattacks is by ‘assuming breach’ - focusing less on trying to stop breaches from happening and more on containing them when they do.
“Hospitals can leverage breach containment technology, like ZTS, during attacks to swiftly isolate affected systems, limit lateral movement, and mitigate disruption to critical services and patient care. ZTS has also been shown to help organisations save US$20m annually in application downtime.”
Regular audits of both internal and third-party cyber defences must also be performed, ideally quarterly or bi-annually, to identify vulnerabilities before threat actors exploit them.
At Illumio the team is continuously strengthening its platform and product portfolio, with further developments planned for 2024.
“As the healthcare sector transforms the way they deliver services, we need to make sure that cybersecurity transforms at the same rate,” said Dearing. “This involves simplifying the management and deployment of security and expansion of support into the cloud and other new platforms. We are always looking to enhance the platform's user experience to enable customers to access information faster and easier.”
*********************************************
For more insights into Healthcare - check out the latest edition of Healthcare Digital and be sure to follow us on LinkedIn & Twitter.
Other magazines that may be of interest - Manufacturing Magazine. Check out our free upcoming virtual event, Manufacturing LIVE, 6th December 2023.
*********************************************
BizClik is a global provider of B2B digital media platforms that cover 'Executive Communities' for CEO's, CFO's, CMO's, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.
BizClik, based in London, Dubai & New York offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.