Healthcare cybersecurity provider CyberMDX published its 2022 predictions for the threats that healthcare delivery organizations, medical devices, and hospital networks face in the upcoming year.
The following are the company's 2022 healthcare IoT security predictions:
- Pandemic Experience Will Shift Attacker Strategy: Cyberattacks on healthcare providers will become more targeted and sophisticated. Bad actors will use what they’ve learned during the pandemic attack surge to shift from a “spray and pray” model to a “bait and prey” strategy where there is more up-front profiling and analysis of a hospital’s weaknesses, vulnerabilities, and potential payouts.
- Hospital Boards Will Demand Security: With the record number of attacks over the past two years still trending up, hospital boards will push CEOs, CIOs, and CISOs to reduce risk. Boards will focus on closing the largest and most likely threat vectors to reduce the likelihood of successful attacks, but will also demand new protocols be put in place to cut recovery times from weeks and months down to days or even hours to limit the losses from network and device downtime.
- Patching Challenges Will Prompt Actions: For years, hospitals have given low priority to patching or upgrading the software on their medical devices. However, as the rising number of known vulnerabilities continues to serve as one of the largest threat vectors, patching and updating software will go from an afterthought to one of the main strategies to defend against attacks.
- Expect Hackers to Explore New Vectors: With the average number of healthcare security incidents rising from 3.3 per week in 2020 to 4.4 in 2021, expect the trend to continue as medical devices and other critical unmanaged IoT devices become more attractive targets for ransomware attacks, as well as easy entry and persistence points for attacks on clinical information systems.
- Supply Chains Will Demand Priority Attention: Supply chains will dominate the news in 2022, but not just because of pandemic-related supply issues. As suppliers and customers attempt to get control of supply chain issues, ripple effects are expected across healthcare providers' suppliers. These will range from suppliers serving as cyber threat entry points, to extending or spreading known vulnerabilities, to causing bottlenecks in supplies when their own operations are shut down by ransomware attacks. More attention will surface from regulators as well.
- Cyber Insurance Requirements Will Alter Cybersecurity Strategies: Pressure will rise as cyber insurance availability and safeguards continue to shrink while insurance costs escalate. To help qualify for and maintain cyber insurance, more and more hospitals will adopt micro-segmentation as part of their Zero Trust strategy.
- Expect More Governance and Compliance: As clinical networks become more and more complex and heterogeneous, spreading from campus and branches up to the cloud, governance, risk, and compliance (GRC) teams will require greater assurances. Security teams will need to respond with technologies that automate security governance and compliance, based on common security frameworks and on an end-to-end visibility basis.
“It’s been a long couple of years for the healthcare industry. In the age of connectivity, the once unthreatened industry has become among the most vulnerable and targeted by hackers,” says Azi Cohen, CEO of CyberMDX. “Covid forced the accelerated integration of many connected systems. While necessary, the decisions to keep up with the demand for services often overlooked or did not address cybersecurity concerns. Over the next 12 months we can expect to see the continued fallout from those hard decisions, but also hopefully a new respect and acknowledgement for the value that security brings to the healthcare industry.”