Almost a third of hospitals and health systems plan to introduce biometrics (29%), digital forensics (28%) or penetration testing (28%) within the next 24 months, according to new HIMSS research. (HIMSS is the parent company of Healthcare IT News.)
However, 43% say that funding is holding their businesses back from tackling the security challenges they face, the study shows. This is not a good thing as healthcare remains a prime target for cyber criminals.
So Healthcare IT News interviewed a cybersecurity professional to hear his views on where healthcare cybersecurity is headed in 2022. Manoj Srivastava is General Manager of Security, ID Agent and Graphus at Kaseya, a provider of IT management software.
Q. What do you see on the horizon in 2022 when it comes to technological advances in healthcare cybersecurity?
A. There are at least three technological advances that will apply to cybersecurity in healthcare and other industries as well. They are passwordless authentication, Secure Access Service Edge (SASE), and Zero Trust.
Are passwords finally a thing of the past? Possibly. The use of passwordless authentication is increasing as it can help healthcare organizations reduce security risks associated with passwords.
Eliminating passwords can reduce the risk of data breach, as compromised credentials are a major part of security breaches. There are several ways to verify identity other than passwords, including biometrics like fingerprints and one-time passwords that require users to enter a code that is either sent via email, SMS, or used with an authentication app.
A SASE combines SD-WAN and security in cloud computing and is quickly becoming a VPN replacement for remote work and distributed offices. Security consists of a digital identity that can be associated with a person, a device, a cloud service, software or even an IoT system. SASE makes it more secure without the complexity and latency of the traditional WAN / VPN approach.
After all, Zero Trust is a shift in network protection towards a more comprehensive IT security model. The point is not to trust any user or device, even if it is already connected to the corporate network.
Authentication is required every time a new resource is requested from connected users and devices. Zero Trust is a security model or architecture. Products that support various security controls on a network now support Zero Trust.
Q. What is happening on the technical side in terms of cybersecurity? Which new technologies / techniques are emerging?
A. There are two emerging technologies, homomorphic encryption and blockchain, whose implications for the security of the healthcare industry are particularly interesting.
Homomorphic encryption (FHE) enables people to work together simultaneously without revealing confidential data. By using an encryption scheme, users can perform tasks on encrypted data that produce the same encrypted results as if they were using plain text.
Typical methods of handling sensitive data with collaborators can be at risk. When files are sent they can be encrypted, but once they are used they are decrypted, giving attackers the opportunity to access the data.
FHE eliminates this by allowing those with access to tamper with the data, keep it encrypted, and reduce the time it takes to decrypt it. Another feature of this technology is that it can restrict decryption access so that users can only view the parts they have been granted access to.
Keeping medical records safe and secure has long been a priority and challenge for health organizations. Blockchain technology can make it a little easier to minimize fraud and the costs associated with it.
Blockchain technology enables patients to access their medical information through a collective network. This technology enables more security and privacy. In addition, the information would be stored on a single, trusted platform where doctors and other medical staff could access the same data. Updates would be instantly available to everyone and could revolutionize patient care.
Q. What does the next year hold in terms of ransomware and the volume of malicious attacks? And what should healthcare provider organizations do to prepare for it?
A. The industries hardest hit by ransomware are the public sector, professional services, and healthcare. Besides the perception that these industries can pay ransom, they tend to store large amounts of data and the security measures are not as good as they should be.
Bottom line – no industry is immune to ransomware attacks, but these are the most vulnerable. Additionally, companies with 1,000 or fewer employees are responsible for nearly 70% of ransomware attacks. With new flavors on the rise and attack vectors becoming more sophisticated, it’s safe to say that ransomware attacks will continue to plague healthcare providers and society at large.
There are three interesting factors at play – the US government is determined to hunt down cybercriminals behind ransomware; there is increased international cooperation; and new regulations could be approved to track bitcoins and other digital currencies.
Taken together, these should reduce the number of high-profile attacks on critical infrastructure, including healthcare. But cyber criminals won’t go away that easily. They could just change their tactics. Instead of targeting larger organizations and demanding a seven-digit ransom, they could simply target a larger number of smaller organizations and only ask for a five- and four-digit ransom to stay under the law enforcement radar.
In preparation, companies should perform regular backups and integrity checks of these backups and train their employees in security awareness to avoid phishing and other social engineering tactics.
A patch management system and discipline should also be in place. Finally, it is also important to restrict the access rights to files and directories in order to contain the lateral movement of attackers if they violate non-privileged user accounts.
Q. What other cybersecurity developments do you think will be important for healthcare in 2022?
A. As the Internet of Things continues to expand its reach in the real world, including the medical field, IoT security must also be a priority for healthcare providers. Thousands of devices that make up the Internet of Things need protection, including items found in hospitals and health centers, such as infusion pumps and devices for remote patient monitoring.
As technology expands, other smart medical devices and things we use every day need to be protected too, from smart elevators to smart HVAC systems.