We’ve looked at the cybersecurity trends in store for 2024, but trends will differ by discipline in the months ahead. For instance, industrial settings have their own set of vulnerabilities, as do finance, education, government, and healthcare.
Hackers especially covet healthcare because the vast troves of valuable protected health information (PHI) are ripe for the taking. For managed service providers (MSPs), healthcare has been seen as an increasingly lucrative specialty. So, while MSPs jump into healthcare services quickly, they need to be aware that hackers are doing the same.
“Hackers have all sorts of access points into the healthcare ecosystem, and the data is priceless to most; MSPs are finding that securing a clinic or a hospital often means putting up a very vigorous and wide perimeter,” says Ellen Fergus, a healthcare cybersecurity consultant in Denver.
According to Fergus, there are a few key healthcare cybersecurity trends to keep an eye on this year:
By 2024, the healthcare sector’s use of wearable tech is expected to reach $800 million. “The pandemic sped this trend up,” Fergus explains.
The hospital is increasingly escaping its traditional four-wall and roof campus. The complexity of securing wearables will continue to be both a challenge and trend this year.
“Securing one building was relatively ‘easy,’ securing thousands and millions of devices measuring everything from blood sugar to oxygen to heart rate is completely different,” Fergus states. “MSPs who specialize in healthcare, or hope to, need to constantly audit the connected landscape to include wearables and find a way to secure them.”
Fergus adds, “Each wearable device needs to be secured, first for the sake and safety of the patient, and then to secure the enterprise that it is connected to.”
Telehealth and remote patient monitoring are revolutionizing the care delivery experience.
“Doctors are increasingly seeing their patients in virtual settings, which creates a lot of efficiencies and opportunities for everyone, but it can also cause real security concerns that go beyond simply having a VPN,” Fergus affirms.
A report by Deloitte identifies areas of key concern regarding cybersecurity and telemedicine. This is including the use of legacy systems and equipment failure. The report adds, “Because virtual health introduces new tools that share information across more locations, it risks adding to the overall ‘attack surface’ of healthcare in general.”
The “AI in Medical Devices Global Market Report 2024” recently described how AI and wearables are shaking up healthcare cybersecurity. For instance, global AI in the medical device market is poised for rapid growth. This is projected to increase from $15.42 billion in 2023 to $22.3 billion in 2024.
“AI-infused medical devices come with cybersecurity challenges because hackers can use AI too, and there is so much unknown that security professionals will need to be constantly on guard to see where this evolves,” Fergus adds.
Because healthcare organizations store huge reservoirs of sensitive patient data, and AI systems are used to access this data for analysis, they are now prime targets for cyberattacks.
According to Meditology Services, The International Association of Privacy Professionals (IAPP) estimates that more than half of AI governance approaches are built on top of existing privacy programs. Additionally, IAPP estimates that only 20 percent of self-identified ‘mature’ organizations have begun rolling out formalized AI practices and guidelines.
“The lack of protocols and policies in place is troubling when it comes to cybersecurity. It appears many organizations are sort of making it up as they go along, which can leave everyone vulnerable,” Fergus reveals.
Supply chain vulnerabilities
As hospitals become increasingly adept at fortifying their cybersecurity defenses, hackers widen the perimeter, trying to get at prized PHI via supply chain and vendor partners.
“Anyone with even the most remote connection to the healthcare ecosystem is vulnerable; if there is a way in, they find it,” Fergus says. This means even far-flung parts of the ecosystem, such as uniform manufacturers and concessions, must be on guard.
Fergus adds, “Network segmentation in healthcare is more important than ever.”
Healthcare organizations are bearing the brunt of these supply chain attacks. There are studies showing 64 percent of organizations suffered a supply chain attack in the past two years. Of this group, 77 percent said these attacks impacted patient care. 63 percent of organizations had an average of 21 cloud compromises during the past two years.
According to most experts, no list of healthcare threats in 2024 would be complete without ransomware. But this isn’t the ransomware from even a few years ago, which almost seems quaint by comparison. “Today’s ransomware is far more complex and can bring in aspects of extortion,” Fergus warns.
“It’s obvious that it’s escalating and that the tactics are changing,” Mike Hamilton, chief information security officer of cybersecurity-as-a-service firm Critical Insight, told Fierce Healthcare.
The next 11 months promise countless healthcare opportunities for MSPs. However, it’s important to make sure cybercriminals don’t have those same opportunities!
Photo: DC Studio / Shutterstock