6 Min(s) Read
Adopting a Zero Trust approach should be a top priority for healthcare providers going into 2023. With these renewed security frameworks in place, both — healthcare service providers and patients will be able to breathe a collective, much needed sigh of relief.
The pandemic proved to be a challenging period for global healthcare providers, not only in terms of the vast number of patients they had to care for but also the countless cybersecurity attacks to which they were subjected. Unit 42, the threat intelligence group at Palo Alto Networks, found that healthcare was the most targeted vertical for ransomware at the peak of the pandemic. And now, just as the dust settled on this, we have witnessed multiple high-profile cyberattacks on prominent medical institutes across India. Yet again, the importance of securing medical infrastructure has been highlighted in the nation’s collective conscience, and rightly so.
The healthcare industry exhibits anomalous behaviour when it comes to cybersecurity. Despite a high level of awareness about its importance, there is a surprisingly low level of preparedness to deal with attacks of any substantial scale. This was best exemplified when about three-quarters of the 200,000 infusion pumps examined by Unit 42 had known security vulnerabilities that attackers could target.
This was despite the existence of vast pools of knowledge on how to secure devices against these specific threat vectors. This is particularly worrisome for life-critical devices as they hold extremely sensitive patient data — on both health and identity — that is valuable to bad actors for multiple reasons. Considering their life-critical nature, patching these devices to mitigate known or unknown vulnerabilities is rarely an option. This also extends to non-critical medical devices, as their usable life can far exceed their supported life.