UncommonX - Blog

White House Acts on Healthcare Cyber Risk, But Is It Enough?

Written by Rich Pasewark - CEO, Board Director | Jun 14, 2024 4:19:51 PM

In a significant move to address the growing cyber threats facing our nation's healthcare infrastructure, the White House has made a critical announcement acknowledging the severity of these risks, particularly to small and mid-sized hospitals.

With cyberattacks on healthcare systems rising by an alarming 128% from 2022 to 2023, the urgency for robust cybersecurity measures has never been more apparent. The announcement also highlighted commitments from leading technology companies.

However, a blind spot remains. Additional attention, financial assistance and expert advice are welcome and needed, but the increasingly complex infrastructure and legacy networked environments of these hospitals remain exposed.

In this blog post we explore the importance of gaining complete visibility of a hospital’s network, so that IT teams can take full advantage of this important announcement.

The Statistics Are Staggering

In addition to the above-mentioned Office of the Director of National Intelligence statistic, another report found that the healthcare sector accounted for 20% of all publicly reported data breaches, making it the most vulnerable to cyberattacks.

The past year has seen a dramatic increase in cyberattacks targeting hospitals and healthcare providers. Notable incidents include a major attack in early 2024 that disrupted one out of every three healthcare claims in the United States, delaying payments to providers and impacting patient care.

Other significant breaches have forced hospitals to divert care and scramble for alternative funding, highlighting the critical need for enhanced cybersecurity in the healthcare sector.

Smaller Doesn’t Mean Safer

Small and mid-sized hospitals are particularly vulnerable to these attacks. Lacking the extensive resources of larger institutions, these hospitals face unique challenges in defending against cyber threats. Their critical role in providing healthcare services, especially in rural areas, makes their protection a national priority.

In fact, a recent survey of one hundred hospital IT executives revealed that small and mid-sized hospitals are most at risk of cyberattack, with 48% of executives revealing that their organization had been forced to shut down in the last six months due to a cyberattack.

Specifically, those surveyed from hospitals with 1,000 or more beds reported an average device shutdown time of 6.2 hours at a cost of $21,500 per hour. For mid-size hospitals (fewer than 1,000 beds), those numbers ballooned to an average of 9.8 hours and a shutdown cost of $45,700 per hour.

Welcomed And Needed Support

In response to these challenges, the White House has secured commitments from leading technology companies to provide free and low-cost cybersecurity resources to rural hospitals.

One is offering significant discounts on security products and free cybersecurity assessments, while the other is providing endpoint security advice and launching pilot programs to tailor security solutions to the needs of rural hospitals.

While this support is crucial, it is not a silver bullet. Hospitals require complete visibility into their complex cyber-physical infrastructures, which are often built upon legacy networked environments, to effectively safeguard against cyber threats.

Why Healthcare Is So Vulnerable

According to the 2023 FBI Internet Crime Report, the healthcare sector reported more ransomware attacks than any other critical infrastructure sector, and attacks involving ransomware against the healthcare sector were up nearly 130%. These risks stem from a litany of unique challenges facing hospitals:

Legacy Systems: Many hospitals rely on outdated IT infrastructure, which lacks the necessary security features to combat modern cyber threats.

IoT/OT Devices: Hospitals use numerous Internet of Things (IoT) and Operational Technology (OT) devices, such as medical equipment and smart devices, which often have weak security protocols and are difficult to secure.

Data Sensitivity: Hospitals store vast amounts of sensitive patient data, making them prime targets for cybercriminals looking to steal or ransom this information.

Complex Networks: The extensive and interconnected nature of hospital networks, which include everything from administrative systems to medical devices, creates numerous potential entry points for attackers.

Resource Constraints: Smaller hospitals often lack the financial and human resources to implement and maintain robust cybersecurity measures.

High Stakes: Cyberattacks can disrupt critical healthcare services, potentially putting patient lives at risk and causing significant operational and financial damage, which makes them an attractive target.

Regulatory Compliance: Hospitals must comply with strict regulations such as HIPAA, which require them to protect patient information but can also complicate cybersecurity efforts due to their complexity.

24/7 Operations: The need for continuous operation and uptime limits the ability to take systems offline for updates and security patches, making it harder to maintain a secure environment.

Third-Party Vendors: Hospitals often work with numerous third-party vendors, each of which can introduce vulnerabilities into the network through their own systems and practices.

Human Factor: Staff may lack cybersecurity training, making them more susceptible to phishing and other social engineering attacks.

Do You Have Complete Visibility?

UncommonX offers a robust cybersecurity solution designed to provide complete visibility and protection for healthcare networks. Our technology deploys quickly and integrates seamlessly with all public clouds, technologies, SaaS applications, and APIs.

By providing real-time visibility and expert management, UncommonX ensures that small and mid-sized healthcare providers can maintain a secure and resilient digital environment. Our platform includes:

Asset Discovery

This feature identifies and catalogs all devices, applications, and systems connected to the network in real time, including critical IoT/OT devices.

Network Management

Maintains an up-to-date inventory of all assets, tracks changes, identifies shadow IT, and manages configurations to ensure optimal security.

24/7 Cyber Protection

Implements and monitors security measures around the clock through our dedicated Security Operations Center (SOC), providing continuous threat protection and remediation.

For hospitals struggling with legacy systems, UncommonX delivers a comprehensive and reliable solution that is both easy to implement and manage. This ensures complete visibility and the ability to take full advantage of the recent White House announcement.

Take Action Today

Let us help you build a more secure and resilient healthcare system, ensuring that your institution can continue to provide essential care without disruption. Contact UncommonX today to start your complimentary NIST security assessment and uncover the true state of your network: hello@uncommonx.com.