Heal health cybersecurity with a “total” approach.

This audio is generated automatically. Please let us know if you have any feedback.

Editor’s Note: Retired General Keith Alexander is the CEO of IronNet and Adrian Mayers is the Chief Information Security Officer at the non-profit health insurance company Premera Blue Cross.

With a mine of valuable patient information and a low tolerance for downtime, the healthcare industry continues to be hit hard by cyberattacks. Healthcare suffers the highest average cost of a breach for any industry, a figure that has increased 42% since 2020. This is painful.

We can – and should – do better to stem the impact of relentless cyberattacks on the healthcare sector, especially when most organizations are essentially victims of well-funded cybercrime activities carried out by outlets of highly organized cybercriminals and national attackers (e.g. Korea).

With the digital transformation taking place across the industry, encompassing an endless network of vendors and third-party providers, the healthcare ecosystem is a target-rich environment for adversaries. We all know they’re primarily looking for protected health information that can fetch about $1,000 per record on the dark web (compared to about $5 per credit card number and $1 per Social Security number), according to Experian.

Despite this backdrop, the investment in protecting non-patient IT infrastructure is typically lower than in other industries, even though the ultimate impact may directly compromise patient care. In addition, many healthcare organizations are not adequately staffed for security risks commensurate with their environment.

How can we tip the balance in our favor? The answer: Take a “whole-health” approach to cybersecurity to scale your cyber defense.

The days of defending yourself are over

The entire healthcare ecosystem needs to be stitched together and tied together to enable not only a better advocacy for any given organization, but a stronger collective advocacy for the industry at large. This means enabling healthcare professionals, payers, and even employers involved in group healthcare programs to collaborate in real time to defend the healthcare ecosystem at scale.

We call this strategy a “total” approach to cybersecurity, an approach based on two-way trust so that all stakeholders can lean, together, to share real-time threat intelligence as cyberthreats are forming (e.g. , as the command and control infrastructure, or C2, is being set up, well before the attack itself occurs. As an industry, we must also be open to sharing anonymous threat data with the government when needed, to act on critical cyberthreats detected on private sector networks.

For this approach to be successful, the healthcare industry must overcome its systemic fear of sharing threat data, a legitimate fear fueled by stringent data privacy regulations and compliance requirements.

It is important to realize that cybersecurity threat sharing is based on completely anonymous data. This is the easy part handled by technology. Cyberthreats on networks can be detected using behavioral analytics, without the need for corporate or personally identifiable information. This level of security applies to businesses and organizations with on-premises, cloud-based, or hybrid network environments.

The tough part is working with the long-standing trepidation that sharing the information will lead to compliance penalties for the reporting organization. This is why the language in the Cyber ​​Incident Reporting for Critical Infrastructure Act 2022 on protecting private entities if they share information about cyber threats is so important in shedding light on what threat sharing really means for assistance healthcare and, most importantly, to reformulate the relationship between the public and private entities. We have to make this collective mind shift.

A “whole-health” approach to cybersecurity complements Health-ISAC’s current efforts, as it adds to the mix both actionable attack intelligence on new and emerging threats as well as a radar-like, real-time picture of the threat landscape computer science .

Let’s create a “phalanx of capabilities”

This approach creates a “phalanx of capabilities” that allows the sector to defend itself on a large scale.

We draw this analogy from military campaigns, which depend on the convergence of specialized capabilities such as battlefield intelligence, special operations intelligence, expertise in multi-weapon operations, and more. In cyberspace, when you start thinking about creating a phalanx of capabilities, your ability to achieve your objective and mission success increases exponentially, making it much more difficult for the adversary to degrade mission objectives.

Leave a Comment

Your email address will not be published. Required fields are marked *