Getty Images/iStockphoto
Healthcare Cybersecurity Measures Must Go Beyond Perimeter Security
Over 90 percent of surveyed critical infrastructure leaders agree they cannot solely depend on perimeter security, indicating that healthcare cybersecurity measures must go further than the firewall.
An uptick in cyberattacks across critical infrastructure organizations is causing organization leaders to bolster their security postures, going beyond basic perimeter security.
Healthcare organizations cannot afford to be unprotected against the evolving threat of cyberattacks with patient safety on the line; prioritizing security beyond the firewall will be critical to healthcare cybersecurity measures, according to a report conducted by Vanson Bourne on behalf of Imprivata.
Researchers surveyed 760 IT security leaders in healthcare, finance, manufacturing, and pharmaceutical to elevate areas of improvement in current security measures and compliance tactics.
“The current IT landscape looks nothing like it did a decade ago,” the report stated. “In the quest to stand up new services, facilities, and locations, optimize existing investments, and keep pace with countless users, roles, and applications, IT infrastructures have evolved into highly complex ecosystems that exist beyond well-define perimeter.”
The new findings revealed that nearly 99 percent of security leaders experienced a cybersecurity attack within the last year, with the rising prevalence of remote work contributing to the growth of attack surfaces.
The impact of cyberattacks typically results in monetary losses due to ransom payouts and increased cyber insurance costs. However, for the healthcare industry, the effects may extend to patient care. The survey results showed that nearly three in ten healthcare delivery organizations reported that a cyberattack led to diverted patient care. Additionally, 31 percent stated that cyberattacks had been associated with poor patient outcomes stemming from delayed procedures and tests.
Patient health information is also at risk, with 68 percent of surveyed healthcare respondents stating that employee and customer login credentials theft was because of a cyberattack within the past year.
As a result of imminent threats, 91 percent of all infrastructure organizations reported they could no longer depend on perimeter security to defend against cyber risk.
Perimeter-based, or “endpoint,” security focuses on securing endpoints through a network or cloud-based system to safeguard data and resources.
Endpoint protection security includes firewalls, VPNs, intrusion detection systems (IDS), and intrusion prevention systems. However, once users are trusted and inside the network, they can move laterally without re-authentication.
While endpoint security is still critical, complex and distributed networks require organizations to manage and regulate access to data and resources through authenticated identity, also known as “identity security.”
Identity security, a cornerstone of Zero Trust, only grants users access to the necessary data and resources they need.
According to the survey, 67 percent of industry leaders reported that security beyond the firewall is one of their top three investment priorities this year. Additionally, defending against ransomware, phishing, and other sophisticated attacks was a priority for 65 percent of leaders.