By Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet
Even before the pandemic, the healthcare sector has been targeted by malicious actors, although 2020 certainly added to those challenges, and it has not stopped in 2021. The industry as a whole moved to a remote model, including telehealth services and on the pharmaceutical and life sciences side, organizations focused on developing and manufacturing vaccines.
To respond to these new working models, many healthcare organizations revamped their security infrastructure. At the same time, cyber criminals seized the opportunity to exploit the pandemic. Amidst all of this, security teams worked tirelessly to ensure security, performance, and compliance.
With cyber criminals doing what they always do – taking advantage of a bad situation – focused on ransomware attacks targeting healthcare, a trend that is expected to continue through 2021. Even the Journal of American Medical Association became involved, publishing an article about the cybersecurity risks in telehealth.
At these times of greatest need and growth, vital services within the industry will continue to face significant threats. Virtual appointments via video are poised to expand, as is the use of sensors and remote diagnostic equipment. At the same time, research by FortiGuard Labs shows that hackers will continue to treat Internet of Things (IoT) and Internet of Medical Things (IoMT) devices as front lines of attack.
The need to secure telehealth practices is an ongoing concern in the medical community. The real challenge the healthcare industry faces is that talking about telehealth security is easier than implementing it. Healthcare organizations must take proactive steps to put together the right technology, people, and processes to meet this demand. In other words, they need to make some behavioural changes.
Choosing the Right Technologies to Secure Telemedicine
Knowing there is a threat to security is only half the battle. To be effective, healthcare organizations and their IT leaders must work together to address the cybersecurity risks that enabled their rapid response to COVID-19, including:
- Cloud technology
- Secure mobile workforce enablement
- Virtual patient platforms
One technology that can help reduce risk is SD-WAN. Secure SD-WAN ensures high-bandwidth connections that support real-time video and diagnostics information to pass between patients and healthcare providers. It also makes it easier for remote locations to connect to networks, offering lower latency, better performance, and more reliable connectivity. This technology helps secure data and transactions across healthcare organizations, enabling Health Insurance Portability and Accountability Act (HIPAA) compliance.
SD-WAN provides all of these security, availability, and compliance efficiencies without breaking healthcare provider’s banks, a top concern for many in the C-Suite.
Protecting the Healthcare Endpoint
Making sure that all endpoint devices have advanced security installed, such as anti-exploit and EDR solutions is important. Anti-exploit and EDR solutions are excellent tools for discovering malware on an endpoint device before it migrates to the network and then shares that information downstream.
Behaviour-based endpoint protection, detection, investigation, and response system can not only block a much higher percentage of attacks (accurately) both pre and post-execution, but also continue assessing and more importantly classifying suspicious behaviour.
Cyber Hygiene for Protecting Telemedicine
Securing telemedicine needs to start with people – teaching good cyber hygiene and reinforcing those lessons with technology that empowers users must be part of the solution. This includes ensuring that all employees within healthcare organizations receive the training required to be able to act swiftly in the face of a cyberattack.
Training starts during the onboarding process. However, cybersecurity hygiene is a continuous learning process. Employees must learn how to spot and report suspicious cyber activity and maintain cyber hygiene. However, now more than ever, they must also learn how to secure their personal devices and home networks.
Cyber health needs to be treated like physical health. CISOs must ensure that users – especially remote workers – know how to maintain cyber distance by remaining vigilant about suspicious requests and implementing basic security tools and protocols. Whether through in-person workshops or online courses, continuous learning builds a baseline defence at the most vulnerable network edge.
Laying the Groundwork to Overcome Complex Threats
Cyber hygiene must build upon basic security tasks, like updating devices, identifying suspicious behaviours, and practicing good cyber hygiene. After creating a robust education and awareness program, CISOs should invest in the technologies and solutions that reinforce these best practices, including SD-WAN, anti-malware software, and encryption. Achieving clear visibility and granular control across the entire threat landscape enables CISOs to secure sensitive telehealth data.
Complexity is security’s enemy. Starting with the basics, beginning with cyber hygiene, is the best response to increasingly complicated and highly dynamic digital problems facing the healthcare sector today.