Healthcare providers must put prevention at the centre of their ransomware defense

The situation: Healthcare providers are the only entity that actively manages life and death from second to second in clinics, hospitals, and other clinical facilities. To address this, providers use some 15 connected devices per acute care bed in the US. The count of connected devices is growing with the increased complexity of diseases, enhanced sophistication of therapies, and evolving technologies to meet the needs of clinicians and patients. In addition to connected devices, clinicians are leaning on AI-driven diagnostics and decisioning, wearables and sensors to monitor patients remotely. They also use other assorted technologies to develop precision medicines.

The risk: Bad actors could potentially carry out ransomware attacks to take over the command and control servers for these connected devices and shut all of them down if Healthcare providers fail to deliver the criminal’s requests.

The approach taken to mitigate the risk: The uniqueness of healthcare providers’ value proposition of life and death has informed their approach towards addressing bad actors. That approach prioritizes the deployment of advanced threat monitoring and hunting processes to proactively detect signs of ransomware attacks in their environment and mitigate vulnerabilities before they lead to disaster. Fifty-four percent (54%) of cybersecurity executives working in the healthcare provider industry strongly agree that this is the best approach, compare to only thirty-two percent (32%) in other industries.

The problem with this approach: This approach is very risky as detective processes usually rely on manual interventions and cannot detect all breaches. In addition, this approach is not aligned with the main objective of other industries which is to focus first on prevention.

The ideal starting point: Prevention starts with implementing solutions to prevent lateral movements across the environment (later movement being the process by which cyber criminals spread from an entry point to the rest of the network). This “threat containment” approach effectively limits the damage once breached, preventing attackers from moving laterally through the network in search of sensitive data and other high-value assets. Ninety-one percent (91%) of cybersecurity executives working in other industries agree or strongly agree that this is the best approach, and most of them consider this approach as a central and critical component of their overall “Zero Trust” strategy.

The Bottom Line – Prevention, prevention, and more prevention. The risk is too high for healthcare providers to combat ransomware attacks by predominately relying on detection measures. Prevention or detection by itself does not meet the needs of healthcare providers who manage life and death, but the combination of both is the ideal recipe for providers to keep patients safe from bad actors

Explore the HFS Pulse Dashboard

Take a look at the breadth of data in our Pulse Dashboard, which showcases data about current and future demand trends for technology and business services and related emerging technologies. See more here.