As we approach 2023, healthcare continues to face an intricate set of challenges. The post-pandemic staffing shortage and rising cyber-attacks are putting pressure on healthcare delivery services globally.
Continue reading to discover 5 critical cybersecurity trends in healthcare.
Increase in Remote Care Means Increase in Remote Devices
Remote patient monitoring (RPM) made its mark years ago. Take, for example, Mercy Virtual (launched in 2015), which saw a 50% reduction in emergency visits and hospitalization in less than 4 years.
However, the concept gained traction when telehealth reimbursement and RPM were enabled by the Centers for Medicare & Medicaid Services (CMS) after COVID-19. This led to a drastic increase in virtual visits and telehealth services.
RPM typically employs a patient’s tablet or phone connected to a pulse oximeter, scales, and a blood pressure cuff. With more patients enrolling, more devices will be used, expanding the attack surface in healthcare delivery organizations (HDOs).
The Expanding Attack Surface
Based on a recent CHIME focus group held by Armis, traditional IT devices (Windows desktops, laptops, etc.) are most vulnerable to cybersecurity attacks. Since they store Personal Health Information (PHI), access to patient information is one concern. The other is the risk to patient care during care delivery.
Healthcare has a closely knit system of IoT, OT, and IoMT devices, each playing an important role in patient care. For example, a building management system (BMS) controls HVAC and elevators, whereas IoMT devices include nebulizers, pumps, ingestible devices, etc. This leaves hackers with entry points from which they could create far-reaching disruptions in patient care.
Rising Responsibility of the CIO
Healthcare devices typically use shared provided by the IT teams, but their patching and security fall under the responsibility of individual departments. For this reason, IT teams have limited access to devices on which installing security agents is problematic.
Additionally, applying a patch to an MRI machine or updating the firmware of thousands of infusion pumps (with a USB stick) is not a big priority, and it poses logistical challenges as well.
Led by the CIO, all digital systems in healthcare should be aligned under a single point of responsibility. Allocating resources for this purpose can be infeasible, which leads organizations to managed and hosted services.
Increase in Managed and Hosted Services
Due to staffing shortages in the clinical and IT spheres, most high-tech organizations are tapping into global talent pools remotely. The difficulty lies in attracting, training, and retaining that talent. Besides, experience becomes a pivotal factor in understanding healthcare information security and vulnerability management.
With the rise in cloud migration, healthcare organizations can now more safely acquire services from cloud providers and engage managed services for the provision, management, monitoring, and securing of those services. The consistency, accountability, and predictability will free your top resources to confidently work on innovative security solutions.
Growth of Zero Trust Security
Executing a single security strategy becomes overwhelming given the security and privacy compliance requirements healthcare has to follow.
When applied holistically, the Zero Trust model entails creating the framework, concepts, and architecture to deal with data, identity, workload, network, and device security. It allows for the acceptance, willingness, and awareness of a consolidated asset security strategy.
If instruments like medical devices and BMS are included in a single security strategy, the risk of a single infected device damaging the healthcare system can be mitigated. Although challenging and complicated, it’s a great starting point for CISOs aiming for this strategy.