2024 Healthcare Cybersecurity: Mastering The Fundamentals

In 2024, the healthcare industry faces a critical need to enhance cybersecurity. With an average cost of $1.3 million per cyberattack, healthcare organizations must move beyond chasing the latest trends and fortify their basic security posture. This year's cybersecurity incident in one of the largest healthcare organizations underscores the shift of cybersecurity from a mere option to a critical necessity.

Here are the four core focus areas for cybersecurity in 2024.

Third-Party Risk Management

Healthcare organizations increasingly rely on third-party vendors, which introduces significant security risks. They must proactively evaluate and manage these risks. These organizations should prioritize vendors based on the sensitivity of the data handled and the criticality of their services. Ensuring these vendors align with the healthcare organization's security policies is vital. This process involves conducting regular audits, requiring third-party vendors to demonstrate compliance through certifications, and performing vulnerability assessments.

Furthermore, healthcare organizations must establish clear contractual agreements with specific cybersecurity requirements. These agreements should specify data protection expectations, breach notification protocols, and regular reporting on security postures. Healthcare organizations should not only rely on initial assessments but also engage in ongoing monitoring of third-party vendors. They can achieve this through automated tools that track vendor security posture changes and alert the organization to potential risks. Additionally, healthcare organizations should educate their staff on the risks associated with third-party interactions and encourage a culture of security awareness to mitigate risks significantly. Regular drills and training sessions can instill best practices in handling third-party risks, ensuring a proactive approach to cybersecurity in the healthcare environment.

Cybersecurity Education

Organizations must prioritize cybersecurity employee education, especially ransomware and Business Email Compromise (BEC)/spoofing attacks. They must conduct regular training sessions to teach employees how to identify suspicious links and attachments, understand the importance of routine software updates, and use reliable antivirus software. These sessions should explain the ransomware infection process, including its file encryption methods and ransom demands, and emphasize the need for regular backups. Additionally, organizations should simulate ransomware attacks in these sessions to test employee readiness and reinforce best practices in real-time scenarios.

Regarding BEC/spoofing, organizations need to implement a comprehensive education program highlighting the techniques used by attackers, such as email spoofing and social engineering. Employees should learn to scrutinize email headers, verify unexpected transfers or sensitive information requests, and double-check email addresses for subtle discrepancies. Interactive workshops can be practical, where employees practice identifying fake emails and learn the protocol for reporting suspected BEC attempts. Organizations should also enforce multi-factor authentication and establish a verification process for financial transactions, ensuring employees know these protocols and understand their importance in preventing BEC/spoofing attacks.

Responsive Cyber Threat Landscape

The complexity of the cyber threat landscape demands quick, effective responses to security alerts. Integrating microservices and cloud-native architectures adds layers of complexity, challenging the agility of security responses. To address these challenges, healthcare organizations must develop rapid response mechanisms utilizing managed services and incorporate AI and machine learning algorithms coupled with traditional cybersecurity frameworks.

Erik Pupo, Director of Commercial Health IT Advisory for Guidehouse, agrees and said, "The nature of cybersecurity work changes to augmented cybersecurity. Beyond automation of repetitive security and compliance tasks (such as auditing of compliance framework mappings, or security checklists), we are moving towards augmented cybersecurity intelligence in 2024. In this new phase of cybersecurity AI, cybersecurity copilots can identify problems (for example, identifying 55 users with weak passwords) and then automate the scripting of tasks to remediate without direct human intervention. This will free up cybersecurity teams to focus more on strategy and operations (the integration of cybersecurity as foundational at the C-suite level) and let AI and automation in combination work through large amounts of security data to apply automated remediation techniques".

This is a sector where the integration of AI with cybersecurity will significantly benefit the industry.

Identity And Asset Management

The intertwined challenges of identity access management (IAM) and asset management from a cybersecurity perspective are multifaceted and critical in the healthcare sector. IAM ensures that the right individuals access the appropriate resources at the correct times for the right reasons. Healthcare providers must balance the need for swift access to patient information for medical purposes against the imperative to safeguard this data from unauthorized access.

Ryan Witt, Vice President of industry solutions at Proofpoint, agrees and said, "Because they exploit vulnerabilities rooted in human behavior and are often obscured by limited visibility, identity-based attacks will likely be the dominant breach activity in healthcare over the coming year. The conventional belief in cyber attackers relying on common vulnerabilities and exposures (CVEs) is losing relevance. Obtaining credentials is often the nirvana state for would-be threat actors, so the new truth is: "identity is the new vulnerability." Healthcare must shift its focus from primarily fortifying infrastructure to securing stored credentials, session cookies, access keys and addressing misconfigurations, especially when it comes to privileged accounts (very much now including their IDPs). Healthcare is particularly vulnerable, so the human link in the attack chain demands swift and innovative defenses".

Meanwhile, asset management, encompassing digital and physical assets, faces its own challenges. The healthcare industry's extensive use of various devices, from mobile devices to IoT-enabled medical equipment, creates a vast attack surface. Each asset represents a potential entry point for cyber threats, necessitating rigorous monitoring and management.

IAM and asset management in healthcare form a crucial barrier against data breaches and cyber-attacks, yet they require constant evolution and vigilance to address the ever-changing cybersecurity threats.

In conclusion, while the industry talks about zero trust as a goal, focusing on these four key areas is more pragmatic. Balancing security with usability is challenging, but ensuring robust security measures without hindering user experience is crucial. In 2024, healthcare cybersecurity is about getting the basics right and building a solid foundation for future advancements.