When we think of digitalization, words like modern, cutting-edge, and efficient often come to mind – three characteristics anyone would want reflected in their healthcare system. Indeed, in this industry, digital innovation can literally save lives. That said, it’s not all so rosy.
Digitalization in healthcare can also introduce new vulnerabilities and increase cyber risk. Unfortunately, cyber-attacks in this space have risen dramatically in recent years. Check Point Research recently found that healthcare organizations around the globe saw an average of 1,436 cyber-attacks every week in 2022, 74 percent more than 2021. The group also noted that healthcare saw a bigger increase in attacks than any other industry.
While this increase is likely due to several factors, the evolution of digital transformation in healthcare plays a large part. Healthcare providers are embracing the Internet of Things (IoT), which means connecting operational technology (OT) assets like MRI machines and laboratory equipment to the network. This connectivity enables data sharing and improves efficiency, but it also has some downsides. It increases attack vectors and vulnerabilities where a hacker could strike and introduces risk by connecting technology that was not designed to protect against cyber threats. Connecting older technology to a digital network – technology that may not have been updated with cyber risks in mind – demands careful consideration.
The Evolving Threat Landscape
Historically, IT systems have been the main point of entry for hackers, and cybersecurity efforts have been focused on keeping those systems safe. However, attacks on OT systems are rising, and OT cybersecurity now requires a stronger focus.
For many healthcare organizations, this means a bit of a culture change. Traditionally, OT operators have focused on physical safety and functionality first. In healthcare, this means connecting assets to the digital network to improve patient care, while cybersecurity has ranked lower on the priority list. This is due in part to the fact that OT systems are usually maintained by engineers or lab technicians (OT operators), not the cybersecurity professionals often assigned to IT systems. However, trends in both digitalization and cyber-attacks require this to change.
Effective Network Protection
There are several steps OT operators within healthcare institutions can take to combat today’s ever-present cyber threats. First, segmenting OT and IT networks is a good way to prevent cyber criminals from accessing OT networks from the IT side. Separating the networks makes it more challenging for an attacker to hop from one network to another, thus reducing points of entry and overall risk to the healthcare OT system and avoiding any negative impact on patient care.
Effective OT network monitoring is also crucial. It is essential to have a complete, uninterrupted view of the OT network and be able to see all assets clearly, so that issues or anomalies can be spotted quickly, no matter where they occur. Operators also need the tools to easily evaluate risks and prioritize those that demand immediate attention. This enables businesses to optimize their cybersecurity expenditure and increase the ROI of the entire cybersecurity operation. Of course, when a possible threat is detected, OT operators must be able to act immediately to negate the threat. Running multiple “what-if” scenarios can help operators make intelligent, informed decisions that maximize cybersecurity ROI and best prioritize risk mitigation to fit an organization’s needs.
While digitalization brings with it many clear benefits, unfortunately, it also creates some new vulnerabilities, especially in the healthcare OT space. Cyber threats will continue to evolve, and OT operators must adjust their approaches to protect their organizations. In today’s environment, cybersecurity must take center stage in healthcare – it can no longer be an afterthought. Failure to prioritize cybersecurity in healthcare OT systems opens up the establishment to tremendous risk that could have far reaching and tangible impacts on health and safety. Resisting digitalization is not an option, but healthcare providers must approach it smartly and carefully to keep their businesses, customers, and patients safe.
The author, John Allen is a Strategic Pharma Consultant at Radiflow.