A cybersecurity diagnosis for the healthcare sector with breach-likelihood

By: Saket Modi, Co-Founder and CEO at Safe Security

For more than the past decade, healthcare has been the biggest target of data breaches. The total average cost has increased to $9.23 million in 2021 from $7.13 million the previous year, demonstrating a 29.5% rise. Cyberattacks in healthcare are unfortunately not limited to their financial, regulatory, and reputational impact since they have a direct consequence on lives. An Alabama-based resident claimed negligent homicide for the death of her infant because the hospital’s fetal monitors were inaccessible as a result of a ransomware attack, leaving its systems locked for eight days. For instance, if a hacker tampers with CT or MRI scans, it could also lead to incorrect medical procedures/surgeries, incomplete diagnoses, and reduced emergency or urgent care.

In such a scenario, the healthcare sector needs to quickly improve its cyber risk management. This is possible only if they move away from the traditional reactive and point-in-time approach in cybersecurity to adopt a predictive and measurable method instead. Adopting a proactive strategy includes knowing the organization’s breach-likelihood in real-time and its financial impact on the organization.

The current state of cybersecurity in healthcare:

The NotPetya attack happened five years ago. Since then, has much changed in the healthcare sector? The cost of ransomware alone has grown by 1094% since 2015. However, there are three key areas where this sector falls short:

1. Accidental and/or malicious insider threats: The HIMSS Cybersecurity survey 2020 states that 89% of initial compromise in hospitals is still through emails and more than half (57%) of the cyberattacks in healthcare begin via trusted insiders.
2. Third-party are unsecured often with unrestricted access: Over 1600 insurers at an average share PHI with hospitals. Hospitals also deal with a large number of medical devices suppliers, vendors for equipment, medication, repairs, and more, each third party is likely to be an entry point.
3. Medical device security: There will be ~50 billion medical devices by 2028, with 15 – 20 IoMT in each hospital room, creating a vast digital attack surface. Interestingly, while one aspect is digitizing faster than it can be secured, 83% of medical imaging devices are still legacy systems too old to receive software updates.
4. The lack of a designated security team: 87% of healthcare IT security leaders work without the right personnel, and three in four hospitals are operating without a designated security leader.

Can predictive analytics in cybersecurity help the healthcare sector?

Financial services organizations predict the likelihood of loans being repaid using the financial history of the applicant, their previous loans, salary/income, and credit score. Similarly, OTT platforms use predictive analytics and algorithms to improve their suggestions. The medical fraternity too relies on prediction models to improve diagnostics, identify risk groups, and improve patient care. Why not use the same analytical approach to predict the possibility of a breach rather than detecting cyberattacks after they happen and reacting to them? The use of predictive technology and models such as the Bayesian Network to predict cyber breaches makes this possible.

Enterprise cyber risk is a product of the probability of a breach happening and its business consequence. This probability is termed the “breach-likelihood” of the organization and can be calculated at the most granular level. Starting from the breach-likelihood of each medical device in every room, department-wise employee threats, to vendors or suppliers of equipment and pharmaceuticals, Electronic Medical Records directory on the cloud and the security posture of each cloud asset – the possibilities are endless. Each prediction makes the organization that much more prepared to predict and therefore mitigate breaches. Once an organization knows what to expect, it can focus energies on fixing what really matters rather than carrying out ad-hoc activities which only add to a sense of security rather than real cybersecurity.

How does breach-likelihood help the healthcare sector?

Breach likelihood in the healthcare sector can be a gamechanger in giving the visibility that is missing today. Similar to doctors arriving at a diagnosis after carrying out due diligence, sieving noise from actual symptoms, and aggregating all relevant information to a central database, cyber risk quantification can segregate information from noise.

As healthcare organizations ramp up cybersecurity infrastructure, they need to remember that all cybersecurity services, products and processes implemented in their cyber risk ecosystem need to communicate with each other. In a scenario where tens of cybersecurity services and tools are performing well in silos, but together fail to generate a comprehensive and prioritized solution, breach-likelihood is can create one score to drive cybersecurity strategy.