A predictive cybersecurity diagnosis for healthcare
For the past 11 years, the healthcare industry has been the most impacted by data breaches. In fact, the average total cost of a breach increased from $7.13 million in 2020 to $9.23 million in 2021, a 29% increase in just one year, per the 2021 Cost of a Data Breach report.
Unfortunately, cyberattacks in this sector are not just limited to financial, regulatory, or reputational impacts. They also directly put patient safety at risk. For example, in 2019, Israeli researchers showed that medical scans are vulnerable to being edited and manipulated.
In 2021, Swisslog, a pneumatic tube supplier, experienced a widespread firmware vulnerability that put thousands of hospitals at risk of ransomware attacks. If attackers can tamper with CT or MRI systems, the consequences extend to misdiagnosis, insurance fraud, ransomware, cyberterrorism, and incorrect medical procedures or surgeries.
The healthcare industry needs to improve its cyber risk management. This is possible if it shifts from a traditional reactive cybersecurity approach to a predictive approach. The cornerstone of adopting a proactive strategy is to understand an organisation’s real-time, objective breach-likelihood.
Healthcare and cybersecurity gaps
Healthcare organisations have pioneered the adoption of cutting-edge technology to improve patient care – whether IBM Watson using AI-enabled technology to predict cancer, or robotic surgery to improve precision. However, cybersecurity practices have not kept pace with the technologies they aim to protect.
There are three key areas where the industry falls short:
- Medical device security: Research shows that an alarming 83% of medical imaging devices still run on legacy systems that are too old to receive software updates. For perspective, there will be 50 billion medical devices by 2028, with 15-20 IoMT devices in each hospital room at risk of attack.
- Accidental or malicious insider threats: The HIMSS Cybersecurity survey 2020 revealed that 89% of initial hospital compromise still occurs through emails, and 57% of cyberattacks begin with trusted insiders. Hospitals also share PHI with ~1600 insurers, each equally liable to be a point of entry.
- Lacking a designated security team: Often, operations managers maintain the systems instead of IT administrators – 87% of healthcare IT security leaders say they don’t have the right personnel to secure their systems. This number has worsened since the same report’s 2017 edition, when 75% of hospitals were operating without a designated security leader.
However, there is hope for the healthcare industry as it’s poised to invest $125 billion in cybersecurity by 2025. But does investing more automatically improve cyber risk posture? The answer is more complex than you might think.
Can healthcare organisations predict breaches before they occur?
Banks and insurance companies use credit scores to predict the likelihood of loans being repaid. Streaming TV platforms use prediction algorithms to improve content suggestions. The medical industry itself uses prediction to improve diagnostics and patient care. Why not take the same approach and predict the possibility of a breach, rather than only detecting cyberattacks once they are under way?
Cyber risk can be broken down into the business consequences of a cyberattack and the probability of such an event happening. This probability is termed the “breach-likelihood” for the organisation. It can be calculated at the most granular level – the breach-likelihood from each medical device in every room, through the personnel of every department, even for vendors or media equipment suppliers – the possibilities are endless. Each prediction makes the organisation that much more prepared to mitigate breaches. And as they say, prevention is better than a cure.
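The decomposition above (risk = consequence of an attack × probability of it happening, computed per device, per person, per vendor and then rolled up) can be made concrete with a small risk register. The following is an added illustration and not code from the original article or from any product it describes; the asset list, the likelihood and consequence figures, and the `Asset`, `expected_loss`, `combined_likelihood`, `likelihood_by_unit`, `org_breach_likelihood`, `prioritise` and `mitigation_effect` names are all constructed for the example. The roll-up from granular likelihoods to a room-, department- or organisation-level figure assumes the individual breach paths are independent, which is a simplifying assumption, not something the article states.

```python
"""Granular breach-likelihood register: per-asset likelihood and consequence
rolled up to unit and organisation level, with expected-loss prioritisation.
Added example; all data below is constructed, not real hospital telemetry."""
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Asset:
    name: str
    unit: str                 # room, department or third party that owns the path
    breach_likelihood: float  # P(breach via this asset in the period), 0..1
    consequence: float        # business consequence if breached, in currency units


def expected_loss(asset: Asset) -> float:
    """Risk contribution of one asset: consequence weighted by its likelihood."""
    return asset.breach_likelihood * asset.consequence


def combined_likelihood(probs: Iterable[float]) -> float:
    """P(at least one path is breached) = 1 - prod(1 - p_i).
    Assumes the paths are independent (a simplifying assumption)."""
    survive = 1.0
    for p in probs:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"likelihood out of range: {p}")
        survive *= 1.0 - p
    return 1.0 - survive


def likelihood_by_unit(assets: Iterable[Asset]) -> Dict[str, float]:
    """Roll granular likelihoods up to each room / department / vendor."""
    grouped: Dict[str, List[float]] = {}
    for a in assets:
        grouped.setdefault(a.unit, []).append(a.breach_likelihood)
    return {unit: combined_likelihood(ps) for unit, ps in grouped.items()}


def org_breach_likelihood(assets: Iterable[Asset]) -> float:
    """Single organisation-wide breach-likelihood figure."""
    return combined_likelihood(a.breach_likelihood for a in assets)


def prioritise(assets: Iterable[Asset]) -> List[str]:
    """Asset names ordered by expected loss, highest first."""
    return [a.name for a in sorted(assets, key=expected_loss, reverse=True)]


def mitigation_effect(assets: List[Asset], name: str, new_likelihood: float) -> float:
    """Drop in organisation breach-likelihood if one asset's likelihood is
    reduced (e.g. by patching or segmenting it). Positive means improvement."""
    before = org_breach_likelihood(assets)
    after_assets = [replace(a, breach_likelihood=new_likelihood) if a.name == name else a
                    for a in assets]
    return before - org_breach_likelihood(after_assets)


# Constructed sample register: values are illustrative only.
CONSTRUCTED_ASSETS: List[Asset] = [
    Asset("MRI-1 (legacy OS)", "Radiology", 0.20, 5_000_000),
    Asset("CT-2", "Radiology", 0.10, 3_000_000),
    Asset("Nurse workstation", "Ward 3", 0.25, 500_000),
    Asset("Pneumatic tube controller", "Pharmacy", 0.50, 2_500_000),
    Asset("Insurer data feed", "Third party", 0.10, 1_000_000),
]

if __name__ == "__main__":
    for unit, p in likelihood_by_unit(CONSTRUCTED_ASSETS).items():
        print(f"{unit:12s} breach-likelihood {p:.3f}")
    print(f"organisation breach-likelihood {org_breach_likelihood(CONSTRUCTED_ASSETS):.3f}")
    print("priority order:", prioritise(CONSTRUCTED_ASSETS))
    gain = mitigation_effect(CONSTRUCTED_ASSETS, "Pneumatic tube controller", 0.05)
    print(f"patching the tube controller lowers org likelihood by {gain:.3f}")
```

The useful property is that the same figure exists at every level: a ward manager sees the ward's number, the CISO sees the organisation's, and a proposed control can be scored by how much it moves that number before money is spent on it.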
How does breach-likelihood help the healthcare sector?
Breach-likelihood can become the single metric needed for cybersecurity conversations, creating a complete picture out of a previously disjointed puzzle. It empowers security leaders with a unified, real-time view of cyber risk posture and transforms cybersecurity into a shared responsibility. With breach-likelihood, cybersecurity gets the much-needed quantification it currently lacks.
MITRE, the organisation behind the ATT&CK framework, has developed a ransomware support hub for hospitals and health systems to help them "better prepare for, respond to, and recover from ransomware attacks." Extending the same mindset to enterprise-wide cybersecurity across people, processes, policies, technology and third parties, and using breach-likelihood to evaluate how effective the cybersecurity services in use really are, is a logical solution to an age-old problem.
As healthcare organisations invest in their cybersecurity infrastructure, they need to remember that all products and processes must communicate with each other to produce a holistic cybersecurity posture. When tens of cybersecurity services and tools each perform well in their own silo but together generate more noise than solutions, breach-likelihood is the glue that can hold the cybersecurity strategies of the future together – and the future is here now.