Cybersecurity for the healthcare sector is complex. Not only have technological innovations like Internet of Medical Things (IoMT) devices increased the attack surface, but cyber attacks against hospitals and other healthcare organizations have the potential to impact patient safety. Cyber incidents are also extremely expensive and take away much-needed resources that could go toward patient care or improving cybersecurity posture.
In fact, for the 13th straight year, healthcare was the most expensive industry for data breaches, with each incident averaging nearly $11 million in 2023, according to IBM's Cost of Data Breach 2023 Report. That’s almost double the average cost of a breach ($5.9 million each) in the second-largest sector, finance.
The increase of cybersecurity incidents and the possible financial fallout is putting pressure on IT and security teams to strengthen their attack surface management and gain more control over their infrastructure.
Strong cybersecurity posture = improved patient safety
For healthcare organizations, time is a critical factor when it comes to cybersecurity. Why? Because cybersecurity is as much a technical issue as it is a patient safety issue.
Compared to other industries, IT and security teams at healthcare organizations don’t have the flexibility to take systems offline. Lifesaving devices like defibrillators and ventilators must stay online 24/7. That means these devices aren’t often touched by IT or security teams, putting compliance at risk.
Some devices could be running outdated technology or an operating system that doesn’t support a security agent. This makes it almost impossible to patch and protect these devices from vulnerabilities.
Then there’s the sheer number of devices with sensitive and critical data, like names, addresses, and social security numbers. More healthcare organizations are utilizing Internet of Medical Things (IoMT) devices, like remote patient monitoring machines. In fact, modern hospitals have about 10 to 15 connected devices per patient bed. Now imagine the total amount of devices for hundreds of patients — and the effort it takes for IT and security teams to discover, manage, and secure every device while maintaining patient safety.
The failure to maintain effective cybersecurity measures can have profound consequences. There’s the loss of medical or personal data, but a cyberattack can cause devices to malfunction or spread to other connected devices or networks. Healthcare organizations may have no other option than to shut down their computer networks, which could last for days and sometimes weeks. And for IT and security teams, they’re scrambling to find, mitigate, and recover from the cybersecurity incident and likely pushing off other necessary responsibilities during this period.
In an interview with CBS News, John Riggi, the American Hospital Association’s senior cybersecurity advisor, said it takes weeks for hospitals to recover from a data breach. In the meantime, hospitals often revert to paper systems and staff monitor or run records between departments.
That was the case for Prospect Medical Holdings, which experienced “the largest cyberattack on a U.S. hospital system” in a year, according to reports. In early August, Prospect Medical Holdings took its main computer network offline for 16 hospitals and over 165 outpatient facilities in California, Connecticut, Pennsylvania, and Rhode Island.
To counter the magnitude and scale of cyber threats, healthcare organizations need better visibility and control. Ensuring patient safety and strengthening cybersecurity comes down to understanding what’s happening across their entire digital infrastructure.
The role of comprehensive asset inventory in healthcare
An asset inventory is a crucial component of a strong cybersecurity posture.
Yet the traditional methods to gaining an accurate and comprehensive asset inventory aren’t working because they can’t keep up with the complexity of modern healthcare environments. Spreadsheets and other manual ways to conduct an asset inventory take too much time and likely include errors. Tasks like pinpointing the real-time locations of EKG machines or identifying unsupported operating systems in IoMT devices are almost impossible to manage at scale.
With timeliness so important in healthcare, broad visibility across the attack surface is key. That’s where cybersecurity asset management comes in. By connecting existing tools and data sources, IT and security teams can discover devices, users, software, cloud infrastructure, and more. Aggregating asset data can help them correlate, de-duplicate, and de-conflict that data without scanning or installing agents. An always up-to-date asset inventory speeds up the time for IT and security teams to understand and manage what’s happening in their digital infrastructure. They can quickly take action to mitigate and remediate a vulnerability or proactively prevent a cybersecurity incident altogether, giving them time back in their day to focus on other responsibilities.
Along with a comprehensive asset inventory, cybersecurity asset management helps with challenges like creating a baseline for all supported and unsupported operating systems and monitoring IoMT and other connected devices continuously for vulnerabilities and other risks. By automatically discovering security gaps, IT and security teams can customize triggered actions when an asset or user deviates from policies and procedures.
Developing and maintaining a strong cybersecurity posture includes understanding what makes up the attack surface. When healthcare organizations have a complete, always up-to-date asset inventory in place, IT and security teams can then fortify their cybersecurity posture and strengthen patient safety.