Cylera leads IoT Security and Intelligence to protect people and businesses. The company was founded in 2017 and is based in New York.
Chief Security Strategist Richard Staynings is an author, public speaker and advocate for improved cybersecurity across the Healthcare and Life Sciences industry and has over 25 years’ experience of both cybersecurity leadership and client consulting.
Here, he shares his knowledge on cybersecurity in healthcare and how the industry can protect itself.
Hello Richard! How do the priorities around cybersecurity in healthcare differ globally?
“The Healthcare industry in every country faces unique and, in many cases, similar challenges. Vertical demand for health services is ubiquitous yet a patient’s ability to pay for such medical services individually, via health insurance, or collectively via public health is extremely limited.
“Indeed, public health systems like the NHS are, according to some reports, on the verge of collapse as a lack of trained clinicians and chronic shortfall in funding exacerbate already long wait lists for elective procedures. This reduces public confidence in the public health system, further eroding its breakdown as patients go elsewhere as the system crashes.
“All western health systems face an existential crisis over the next two decades as an ageing population of baby boomers retires and consumes ever increasing levels of health services as they age. At the same time, fewer people participate in the workforce thanks to more years spent in education and earlier retirement, resulting in lower lifetime contributions to taxes and health insurance thus reducing available revenues for providers.
“In the US, many of those who lived their whole lives with inadequate access to healthcare are similarly reaching retirement age and becoming Medicare eligible. They present decades of untreated chronic diseases and consume a large proportion of the entire Medicare budget. Indeed, the treatment of compound chronic diseases such as diabetes, obesity, heart, cancer, stroke and chronic obstructive pulmonary disease consumes nearly 96% of the entire Medicare budget today leaving very little for those in better health and very little for cybersecurity. More than one in four Americans have multiple chronic conditions (MCC).
“The fact of the matter is that healthcare has underinvested in cybersecurity for decades and has accrued an almost massive level of technical debt as new innovative healthcare technologies have been implemented without a corresponding level of cybersecurity investment to protect these and other new technologies. This is known as the ‘Maturity Paradox’ and is one of the reasons why healthcare is being hit so hard by cyberattacks compared to other industries.
What more could the healthcare sector do to stay protected and compliant?
“The healthcare industry is so far behind the curve, that the list of things the industry needs is now very long. This is as a result of decades of underinvestment in cybersecurity, network architecture and IT system management. The industry needs to adopt and embrace the ZeroTrust security framework by implementing strong authentication and highly granular access controls for those who work in the industry.
“It also needs to apply ZeroTrust principles to its networks and connected assets by implementing multi-tiered software defined networks and micro-segmentation of medical and other high-risk connected IoT assets. With IoMT making up more than 75% of hospital endpoints, the internet of medical things (IoMT) represents the open back door to healthcare security. Most of these devices were never designed with security in mind, few are ever patched against known vulnerabilities, and most go largely unmanaged by their different owners. Connected on one side to medical networks and the other side often to a patient, these systems present a huge patient safety risk as well as a useful and easy foothold for perpetrators on healthcare networks.
“Most healthcare providers have almost no idea what actually connects to their medical networks, what risks each of those endpoints represents, or how to remedy those risks if they knew what they were. The industry badly needs intelligent and highly automated tools to manage connected IoT and OT systems. It also needs to do a much better job of training staff in security awareness so that attacks can be quickly identified and thwarted. Finally, it needs to plan for security incidents and practice security incident response capabilities along with disaster recovery and business continuity planning. It’s no longer a question of if a hospital is attacked, but how often and what damage will it sustain as a result?”
Read Healthcare Digital's exclusive byline from Richard here, ‘Digital healthcare faces constant cyberattacks’.