Author: Gordon Morrison, Director of Government Relations, Intel Security
Fundamental shifts in the digital environment present both an opportunity and a sector-wide threat for the healthcare industry, as it continues to address increasingly sophisticated cyber-attacks.
Speaking at The King’s Fund Annual Conference recently, I discussed the need for NHS organisations to not only understand the current security risks posed by cybercrime, but to also be equipped to address and respond to these challenges using the most advanced means they have access to.
An ever digitising landscape
Let’s start with that opening fact: the digital landscape is evolving – and bringing us along with it. Every industry is adapting one way or another to innovation, but for healthcare, there are four dimensions to consider.
Firstly, more people are delivering care remotely, accessing data from mobile or tablet interfaces or simply using more technology on-site. Secondly, these devices and other hospital machines, are becoming increasingly connected. In fact, by 2020, there could be billions of connected devices, globally. Thirdly, healthcare products and services are migrating to the cloud, and lastly, the consumerisation of technology is initiating BYOD, or bring your own device, as users will increasingly want to use their own phones, tablets and apps at work.
Healthcare workers are therefore more likely to want access to data anytime, anywhere, and from any device. Senior leaders in healthcare need to deliver on these expectations if the industry is to maintain the best level of care, and protect its patients’ data.
Compounding these needs is a serious shortage of skilled cybersecurity professionals: around 62 per cent of organisations are understaffed in this area, and there could be a 1.5 million shortfall of qualified professionals by 2020. The key take-home here is that a non-integrated and manual solution just won’t cut it (more on this later).
The cyber-threat zoo
The results? Serious financial and operational impacts. The average cost per cyber-breach across every industry is $3.79 million. Cybercrime breach figures in 2014 totalled $618 billion – higher than the GDP of Sweden.
This is completely unsustainable, especially when you also consider how long it takes to detect a breach – days, week, months or even years – and to resolve them – days, or even weeks.
And criminals are sensing these weaknesses. The second quarter of this year saw 316 new threats a minute, or five every second. Four types of threats are mainly responsible: malware; mobile malware; ransomware; and macro-malware. This quarter experienced the highest threat figures for each type ever in a Q2 period; total ransomware has grown 128% in the past year, and 192 million new malware samples were added to our zoo of malware species earlier this year.
The combined cost of cyber-attacks
The above figures are eye-opening, but what does ransomware actually do to your files and data? Ransomware, as its name suggests, is a type of malware which infects all data it can access, encrypts them, and then holds the information for ransom.
One hospital in California paid $17,000 in bitcoin to restore its files and systems. Although not a huge amount, it forced the hospital to revert to manual methods for a few days.
Certain factors make hospitals, popular for attacks. Legacy systems are still sometimes used and are probably no longer supported by the vendor. Healthcare data isn’t as valuable as financial data just yet, but because it can be used by criminals as a gateway to access other personal information from other sources, it’s still seen as attractive on criminal forums.
Breaches are not just found in healthcare, of course, and every industry makes the same mistakes when it comes to prevention. Around 40% of data losses, for example, involve some type of physical media, like a USB stick. These are relatively simple risks to reduce through a focus on people, process and technology but organisations are still losing data in this way.
So, like other markets, healthcare is perhaps finding it difficult to tackle cybercrime due to overwhelmed (or overstretched) security teams. The good news? A focus on technology, people and processes can help to put barriers in the way of criminals and perhaps make it uneconomical and too difficult to criminally exploit healthcare organisations.
I mentioned earlier that manual non-integrated solutions to cybercrime just won’t cut it anymore. The alternative is implementation of a threat defence lifecycle that features automation, information sharing and advanced threat detection capability to help the overwhelmed security team.
For example, McAfee Advanced Threat Defence is part of Intel’s security integrated solutions, and it provides multiple analysis techniques to broaden detection and expose evasive threats and can reduce investigation time from days to minutes.
Industry risk assessments can also keep organisations educated about basic or minimum levels of protection. For example, the Intel Health & Life Sciences Breach Security Assessment Program which offers, alongside a series of partners, complementary and confidential security assessments for organisations in the Health and Life Sciences space. At the end of the assessment, an organisation will receive an extensive report filled with security analytics, showing its breach security system and how it compares with the broader industry. More on that and the results we’re starting to see here.
Collaborative technology is also critical. Data Exchange Layer (DXL) is a simple connection fabric that provides a secure, real-time way to unite data and actions across multiple applications from different vendors as well as internally developed applications. Enterprises gain the time and efficiency advantages of instant communication and collaboration, connecting security solutions into an effective team. This can shorten the threat defence lifecycle workflows and reduce integration complexity across security products and vendors.
Collaborate, learn, transform
Industry-wide collaboration on things such as DXL will help the sector draw on combined resources to tackle the threat of malware. There is a lot of work, protection and investment needed to ameliorate the challenges I’ve outlined, but the opportunities digital technology provides in relation to quality of care are amazing. It’s therefore critical that HLS organisations embrace technology to maintain patient care and keep up with the threat landscape and perhaps see an investment in Cyber security as an opportunity to digitally transform an organisation.
The more we share and co-operate, the more we learn from one another. Together we are stronger.