Why a Strengthened Cybersecurity Infrastructure Should Matter to the Healthcare Sector

Country Manager for Singapore, at Trend Micro

The pandemic led to the digitalization of several industries, including healthcare. It is not surprising that Southeast Asia’s eHealth industry is predicted to increase by 10x by 2025, with Singapore being one of the leading participants, given the emergence of HealthTech and investments being made for future improvements in this area.

However, ransomware’s ominous cloud also poses a threat to the sector. A ransomware assault that targeted a private eye clinic in Singapore in 2021 resulted in the theft of sensitive patient data and clinical notes. Around the world, 25% of healthcare ransomware victims had to stop working. The issue has become so terrible that as of the first half of 2022, one of the top three industries with the most malware detections was the healthcare sector.

CIO World Asia spoke with  David Ng, Country Manager for Singapore, at Trend Micro about how healthcare cybersecurity flaws can have fatal implications.

The Landscape of Cybersecurity in the Healthcare Industry

For a long time, cybercriminals have found the healthcare industry to be a lucrative target. Medical information is valued at least ten times more than credit card records on the black market, and it can even outperform other sorts of financial information. One explanation for this is that, unlike financial data, which can be updated or changed to increase security, medical data often remains in existence for the duration of the patient, making it a more profitable target. Therefore, it is not unexpected that the healthcare sector has experienced an increase in data breaches and ransomware assaults.

Singapore has been the target of significant cyberattacks against the healthcare sector. The majority of these intrusions have targeted private patient data such addresses, IC numbers, and medical records. For instance, in 2017, the online health platform of AXA Insurance suffered a data breach that exposed the personal information of 5,400 clients. The SingHealth data breach, which exposed 1.5 million patient details, was the biggest data breach we’ve seen thus far.

However, the value of patient data is not the only thing that cybercriminals would target; other developments in the environment have made the healthcare sector more vulnerable to cyberthreats.

1.Increased connectivity of medical devices to computer networks

The attack surface for cybercriminals has grown as a result. In fact, more than a quarter of healthcare organizations claim that they are exposed to potential attacks because they lack visibility across the attack surface.

2. Accessibility of healthcare in the cloud

Security teams will find it difficult to keep track of every entry in order to prevent unauthorized people from accessing critical information.

3. Lack of cyber hygiene and awareness

As a result, medical technology is at danger. Less than half of healthcare professionals and employees are likely to click on dubious emails that might malware on their devices. This describes the necessity of educating more medical personnel about the cybersecurity measures that will defend their equipment and patients.

The good news is that countries in Asia are putting policies into place to better safeguard their infrastructure and healthcare systems. For instance, a national labeling program in Singapore will soon enable customers and healthcare professionals to assess how secure medical equipment are against cyber hazards to aid them in making informed purchase decisions. This also motivates manufacturers of medical devices to take greater care to ensure the safety of their goods. However, the ecosystem as a whole must work together to ensure the sector is well protected.

Putting Patients at Risk

When it comes to ransomware attacks in the healthcare industry, the loss and leaking of patient data is just the beginning. Hospitals all across the world have been attacked by rising ransomware levels throughout the epidemic as highly organized organizations deploy advanced persistent threat (APT)-style methods to shut down life-saving services. These assaults may result in system failures that endanger the life of a patient. In actuality, 86% of international healthcare organizations have been affected by ransomware and have experienced operational disruptions, with 25% of them being forced to fully suspend their activities. Such setbacks can cause delays in life-saving therapies like chemotherapy, interfere with surgeries in progress, or result in the loss of medical records that are essential to a patient’s rehabilitation, all of which put patient safety at risk.

Stakeholders must consider more than just operational interruptions, such as how long it takes to recover and move on. One of India’s most renowned institutions, the All India Institute of Medical Sciences (AIIMS), was recently the target of a ransomware assault. By crippling IT systems and the linked devices within them, hackers put patient data at risk. Due to the outage, AIIMS was compelled to manually run a number of crucial medical services and labs for more than a week. Similar to this, several healthcare institutions claimed that it took them days (56%) or weeks (24%) to completely resume operations.

“The industry must double down on their security operations to protect their patients’ safety and secure their data.” said David Ng

Cybersecurity Practices to Implement in the Healthcare Industry

1. Apply zero – trust architecture based on “never trust, always verify” philosophy. Continuously assess network and software vulnerabilities

The organization’s network should be continuously checked for unusual behavior by medical professionals and IT teams. Additionally, IT teams may rely on threat detection and response solutions to quickly identify and address sophisticated assaults before they worsen.

2. Implement virtual patching

This will immediately reduce the risk from operating systems and programs that are not patched.

3. Implement and improve controls for remote desktop protocol (RDP) endpoints.

These are the top three ransomware access points, and just around one in five worldwide organizations have any safeguards in place.

4. Implement unified security platform to provide visibility and correlation over different layers of cyber kill chain

The healthcare ecosystem’s adoption rates for XDR, NDR, EDR, Email DR, and Server DR are still too low.

5. Implement an analytics platform that can provide modelling and predictions about areas of risk. Subsequently provide proactive recommendations to reduce the risk

6. Information sharing with supply chain partners

By exchanging threat intelligence with partners, suppliers, and the larger ecosystem, all stakeholders may stay up to date on the most recent advances in the field of cybercrime. This will raise the bar for security across the board for the sector.

7. Develop incident response and discovery recovery plans

Healthcare organizations should be ready for the worst since lives are on the line. There should be a crisis response team available in case they are compromised so that they can handle and stop the assault right away. Members of the departments of technology, communications, law, and business continuity should be on the team. Healthcare organizations can uncover holes in their emergency response strategy by conducting a tabletop simulation of a hypothetical catastrophe.

8. Education and training for medical practitioners

Employees who handle medical equipment and private patient data should be required to complete obligatory cyber awareness training and instruction.