We’ll likely never know if Joseph Popp was wrestling with whether he should go big or go home before he launched the first-ever ransomware attack in 1989, but the world would’ve been better off if he’d done the latter. Popp, an evolutionary biologist reportedly disgruntled over not getting a position in the World Health Organization, sent the malware he cooked up—the AIDS Trojan—to 20,000 doctors and AIDS researchers. His code wasn’t particularly sophisticated or potent, but the gambit worked, paving the way for future mayhem.
To this day, the health care industry remains a constant target. Sometimes, more serious consequences hang in the balance than money and sensitive files—especially when hospitals are involved. An American Hospital Association American Hospital Association advisory puts it this way: “A ransomware attack on a hospital crosses the line from an economic crime to a threat-to-life crime.”
Life-and-death consequences of attacks on hospitals aside, the health care industry at large is a preferred target for data breaches because of the high residual value of stolen records.
Unique Challenges in Health Care Security
Challenges that healthcare organizations face when protecting themselves from cybercrime include.
· Latency: It’s not required per se, but encryption is the only practical way to meet HIPAA standards for electronic protected health information (ePHI). As a result, most network traffic is encrypted. All that encrypted traffic presents potential latency issues that can impact everything from staff productivity and patient care to telemedicine and remote diagnostics.
· Data Integrity: Application integration and interoperability are increasingly vital to patient safety and outcomes.
· Data Volume: Health care organizations have sensitive personal and financial information on large pools of customers and employees.
· Physical Locations of Sites and Partners: Industry consolidation, partnerships and an ever-increasing range of connected entities like clinics, labs, research sites and insurance companies create complex challenges in visibility, auditing, data control and compliance reporting.
· Operational Inefficiency: As Internet of Medical Things (IoMT) devices, mobile resource access and cloud-based solutions adoption digitally transform the industry, health care organizations rely on point products or security tools provided by individual cloud vendors to secure expanded attack surfaces. These tools don’t integrate well, which leads to increased security staffing needs, slow threat response, increased software costs and heavy investment in expertise and training to remain current on multiple point products.
· Compliance Reporting: The range of regulations and reporting necessary for various jurisdictions can be overwhelming and peel critical staff away from vital projects to meet audit report demands.
· Costs: All these complexities inflate security costs—both directly and indirectly.
A Single-Vendor Solution Makes All the Difference
Nearly all the challenges we’ve discussed are directly tied to complexity—business model and ecosystem complexity, infrastructure and device complexity, complex rules and regulations and no room for error in high-stakes medical scenarios or securing highly sensitive data. And on top of it all, as we discussed up front, the health care industry is under constant assault by cybercriminals.
A single-vendor solution that wraps infrastructure and network edges into a comprehensive security fabric can dramatically:
· Reduce complexity
· Increase efficiency (low latency, native integration and interoperability among all components, superior threat prevention, detection and response)
· Lower costs
Check Out This Interactive Walkthrough
Fortinet published an interactive widget that your MSSP can use with health care industry clients to walk through the challenges they face and the solutions that tackle them. It covers medical campus needs, remote doctor connections from home and everything in between (doctor offices, urgent care centers, emergency triage tents, radiology labs, etc.). You can check it out here.