Insights From The Identity Jedi for Shoring Up Healthcare’s Cybersecurity Defenses – PR Web

4 minutes, 52 seconds Read

According to a Comparitech study, ransomware attacks on U.S. healthcare facilities since 2016 have led to approximately $77.5 billion in economic losses due to downtime. Each attack averages nearly 14 days and affects over 52 million patient records across 539 incidents involving almost 10,000 facilities. The study found that ransom demands varied from $1,600 to $10 million. (5) The FBI has been sounding the cybersecurity alarm regarding the vulnerabilities in popular medical devices like insulin pumps, intracardiac defibrillators, and mobile cardiac telemetry due to outdated software and inadequate security features. Unscrupulous hackers can cause direct harm to patients by hijacking these devices using WiFi, Bluetooth, and other remote technology to alter readings or administer drug overdoses. (6)

The government has been taking steps to stem the tide of cyberattacks. The Cybersecurity & Infrastructure Security Agency (CISA) has developed a Zero Trust Maturity Model to transition to a zero trust architecture. (7) “Trust but verify” is the core principle of zero trust, where all components of a cybersecurity supply chain are deemed untrustworthy and, therefore, always vulnerable to internal and external threats.

Section 524B of The Consolidated Appropriations Act, 2023 (“Omnibus”), Ensuring the Cybersecurity of Devices, empowered the FDA to require medical device manufacturers to include a Software Bill of Materials (SBOM) with each device. (7) An SBOM includes a structured list of components, libraries, and modules comprising software and the supply chain. (9) By identifying software components and constantly monitoring the supply chain for potential breaches, organizations can pinpoint outdated or open-source software that may be susceptible to cyber breaches.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) pioneered patient data protection. HIPAA is a federal law that established national standards for protecting and disclosing sensitive patient health information. (10) In 2023, the HIPAA Journal emphasized the importance of identity and access management in the healthcare industry. IAM involves implementing a range of administrative, technological, and physical defenses to control access to resources and data. It ensures access is granted according to job roles, authority, and responsibilities, facilitating appropriate access for authorized individuals while preventing unauthorized entry. (11)

IAM consists of single sign-on systems, multifactor authentication, and privileged access management. These technologies also securely store identity and profile data and can perform data governance functions. Lee explains, “As cyberattacks increase, the healthcare industry responds with more integrated systems, which creates a larger attack surface for cybercriminals, with each additional connected system offering a new avenue for attack. Healthcare has its own ecosystem, and it tends to self-medicate when it comes to cybersecurity, at its own peril.”

A survey by the Healthcare Information Management and Systems Society discovered that healthcare organizations spend a paltry 7% of their budget on cybersecurity. Fifty-five percent of healthcare IT professionals reported that their organization had experienced a significant security breach in the last year, and 74% say hiring qualified cybersecurity professionals is a considerable challenge. (12)

The healthcare industry is more concerned with the health of their patients, hiring the best staff, scientific research, and discovering groundbreaking treatments that can save more lives. Cybersecurity becomes a significantly lower priority.

It’s critical for the healthcare industry to find effective and affordable solutions to prevent a devastating attack on the life-saving care they provide. Lee emphasizes, “Cybersecurity technology like IAM, SBOMs, and zero-trust architecture, in and of itself, is not a magical elixir. It requires people with the right skills and expertise to implement it successfully. Healthcare needs to expand its trust circle to include cybersecurity professionals who can provide the urgent care the industry needs to protect itself and the millions of lives it serves.”    

About The Identity Jedi 
David Lee transitioned from a software engineering background to become a harbinger of change and inclusivity in the tech world. With over two decades of experience, he has left his mark on government agencies, Fortune 500 companies, and numerous fields, specializing in identity and access management. Recognizing that for technology to truly transform the world, it must embrace diversity, David serves as an agent of transformation, inspiring individuals to unlock their full potential. His influential voice and actionable insights have solidified his reputation as a respected figure in the ever-evolving tech landscape. He is available for speaking engagements. When he speaks, people listen. He is The Identity Jedi. Visit https://www.iamdavidlee.com/.

References:

  1. “Half of Ransomware Attacks Have Disrupted Healthcare Delivery, JAMA Report Finds.” Healthcare IT News, 10 Jan. 2023, http://www.healthcareitnews.com/news/half-ransomware-attacks-have-disrupted-healthcare-delivery-jama-report-finds.
  2. The 7 Industries Most Vulnerable to Cyberattacks | Ekran System, ekransystem.com/en/blog/5-industries-most-risk-of-data-breaches. Accessed 19 Apr. 2024.
  3. “The Importance of Cybersecurity in Protecting Patient Safety: Cybersecurity: Center: AHA.” American Hospital Association, aha.org/center/cybersecurity-and-risk-advisory-services/importance-cybersecurity-protecting-patient-safety#:~:text=Why%20health%20care%20gets%20hit,thieves%20and%20nation%2Dstate%20actors. Accessed 19 Apr. 2024.
  4. Flynn, Shannon. “Killware vs. Ransomware: What’s the Difference?” MUO, 6 Sept. 2023, makeuseof.com/killware-vs-ransomware-difference/.
  5. Olsen, Emily. “Ransomware Attacks on Healthcare Facilities Cost $77.5B in Downtime, Report Finds.” Healthcare Dive, 27 Oct. 2023, healthcaredive.com/news/healthcare-ransomware-costs-comparitech-77-billion/698044/.
  6. “FBI Warns of Vulnerabilities in Medical Devices Following Several CISA Alerts.” Cyber Security News | The Record, 12 Sept. 2022, therecord.media/fbi-warns-of-vulnerabilities-in-medical-devices-following-several-cisa-alerts.
  7. “Zero Trust Maturity Model: CISA.” Cybersecurity and Infrastructure Security Agency CISA, cisa.gov/zero-trust-maturity-model. Accessed 19 Apr. 2024.
  8. Center for Devices and Radiological Health. “Cybersecurity in Medical Devices Frequently Asked Questions (FAQs).” U.S. Food and Drug Administration, FDA, fda.gov/medical-devices/digital-health-center-excellence/cybersecurity-medical-devices-frequently-asked-questions-faqs. Accessed 19 Apr. 2024.
  9. “What Is an SBOM?” Linux Foundation, The Linux Foundation, 13 Sept. 2022, linuxfoundation.org/blog/blog/what-is-an-sbom.
  10.  “Health Insurance Portability and Accountability Act of 1996 (HIPAA).” Centers for Disease Control and Prevention, Centers for Disease Control and Prevention, 27 June 2022, cdc.gov/phlp/publications/topic/hipaa.html.
  11. Identity and Access Management (IAM) in Healthcare, hipaajournal.com/identity-access-management-iam-healthcare/. Accessed 19 Apr. 2024.
  12. Southwick, Ron. “Healthcare Cybersecurity Budgets Are Rising, but Workers Are Hard to Find.” OncLive, OncLive, 2 Mar. 2024, chiefhealthcareexecutive.com/view/healthcare-cybersecurity-budgets-are-rising-but-workers-are-hard-to-find.

Media Inquiries:
Karla Jo Helms
JOTO PR™
727-777-4619
jotopr.com

SOURCE The Identity Jedi

This post was originally published on 3rd party site mentioned in the title of this site

Similar Posts