Claroty’s Global Healthcare Cybersecurity Study 2023 surveyed 1,100 professionals across healthcare fields like cybersecurity, engineering, IT, and networking. Notable findings include 78% encountering cybersecurity incidents last year, 47% facing cyber-physical system issues, and 30% highlighting consequences for sensitive data, including protected health information. What’s more, 60% noted incidents affecting care delivery, with 15% citing severe impacts on patient well-being and safety.
On the heels of the study, 24×7 sat down with Ty Greenhalgh, industry principal at Claroty, to discuss the implications of these findings.
24×7 Magazine: How do you perceive the impact of escalating cyber-physical connectivity, specifically the Extended Internet of Things, or XIoT, on the cybersecurity landscape within healthcare organizations?
Ty Greenhalgh: As technology advances, the threat landscape grows rapidly—and cybersecurity is struggling to keep up. Healthcare, specifically, is at an increased risk for cyber incidents as many organizations don’t have the visibility into how many connected devices they have—let alone how many are up to today’s constantly evolving cybersecurity standards.
Healthcare delivery organizations, or HDOs, often lack the infrastructure needed to manage and secure the growing number of technologies and connected devices their organization is using. This presents the challenge of not only securing devices but understanding what devices they have and how to manage them.
24×7: Given the report’s disclosure of significant cybersecurity incidents, how can healthcare professionals ensure patient care and safety amid potential disruptions?
Greenhalgh: To start, HDOs need to start implementing asset discovery protocols across their clinical environments to gain further visibility into all the connected devices within their networks. Also, compensating controls to ensure devices stay online, and converging the IT workflow within device management can all help improve an organization’s overall cybersecurity hygiene. However, some of the more critical workflows HDOs need to prioritize are patching known exploitable vulnerabilities and building effective resilience by detecting and mitigating anomalous device behavior early.
24×7: What are your thoughts on centralizing this responsibility under IT security and its impact on healthcare organizations’ cybersecurity strategies?
Greenhalgh: Medical device security leadership not only allows organizations to see gaps across IT, operational technology, and IoT devices, and extend existing IT workflows even further, but also provides a shared framework where responsibilities are delegated based on skill sets and not abdicated. By extending medical device security leadership, teams can centralize accountability under IT and still allow for responsibilities to be shared across clinical engineering, facilities management, procurement, InfoSec, etc.—helping improve communication and improve overall HDO cybersecurity posture.
24×7: The survey shows that healthcare organizations are increasing their security budgets. What are the top areas these budgets should focus on to counter rising cybersecurity threats?
Greenhalgh: First and foremost, HDOs need to prioritize the operationalization of the mitigations, controls, and integration into the IT Tech Stack workflows. Then, they can focus on asset inventory/management and finding new cybersecurity talent.
24×7: Given the survey’s focus on healthcare organizations’ priorities like addressing device vulnerabilities, managing assets, and segmenting devices, how can professionals effectively implement these priorities for improved cybersecurity readiness?
Greenhalgh: It all starts with full visibility into an HDO’s clinical assets. Once the HDO understands how many functional connected devices they have, then they can start analyzing vulnerability and risk. They can use data to determine which devices are critical for patient care—cross-referenced with actively exploited vulnerabilities—to prioritize scarce resources. Then, it’s all about governance and ensuring teams are not operating in silos. Using a common cyber-physical platform to coordinate workflows can help with this.
24×7: How have the National Institute of Standards and Technology (NIST) and HITRUST Cybersecurity Frameworks adapted for challenges posed by cyber-physical connectivity and the Internet of Medical Things?
Greenhalgh: NIST and HITRUST are both working to implement even more safety protocols around healthcare organizations and connected XIoT devices. The NIST framework has evolved to meet the new challenges of today, including issues around identifying threats, responding to them, and even recovering operations or data after a breach.
HITRUST, specific to healthcare, has answered the call from providers to have a wide-reaching assessment of creating a secure program—helping safeguard sensitive data and managing IT risk. Together, they provide HDOs with a cybersecurity assessment plan, approach, and framework if they do encounter an incident, helping solve some of the challenges that come with reporting/resolving attacks and preventing them in the first place.