The healthcare industry incurs the highest average data breach costs at a huge $7.13 million, 84% more than the global average. In the wake of high-profile breaches like the SolarWinds attack and the rise of ransomware like Ryuk, healthcare organizations are facing complicated and increasing cyber threats. The industry has become a prime target for cybercriminals, making it vital for their security staff to gain better visibility, stay ahead of the cyber threat curve, and protect their networks.
The complexity of networks in healthcare organizations and the highly prized PII they contain has led to an increase in cyber breaches. Healthcare networks contain Internet, Intranet, IoT, SCADA, and other nodes, making it a challenge to monitor and manage, and cybercriminals know and exploit this. Budgets are stretched, and staff members may not always have the time to complete cybersecurity training, leaving them even more vulnerable to social engineering tactics and attacks like ransomware and phishing emails. Organizations that use BYOD (Bring your Device) also open themselves up to further potential compromises from external, unknown devices entering the network.
Additionally, rapid digital transformation within the healthcare industry has caused many organizations to use third-party partners, absorbing networks that aren’t their own which may be unsafe or already compromised. This is particularly important in medical IoT devices that are connected to the network but cannot support security applications. If critical devices like remote patient monitors, connected inhalers, and surgery robotics are compromised, there are increased risks to patients’ health and the integrity of the entire network. When facing these challenges, traditional security stacks, such as firewalls, cannot inspect all outbound traffic attempts or block all IoCs for a network as vast as those in healthcare.
Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, suffered a Ryuk ransomware attack in September 2020, costing around $67 million in lost income, operational disruption, and remediation expenses. Part of a wave of Ryuk attacks on the US healthcare system towards the end of 2020, the ransomware infiltrated UHS’ systems via phishing emails, causing disruption to clinical and financial operations and forcing facilities to rely on offline documentation. Fortunately, when clients have raised concerns to the Centripetal team about being targeted by Ryuk ransomware, we have been able to identify and protect against potential events in a matter of hours.
Dynamic Cyber Threat Intelligence
Hospitals and healthcare organizations need to layer their security tools and use dynamic threat intelligence to identify threats to their network. Centripetal CleanINTERNET’s deep packet inspection sits at the edge of the network, identifying real known threats, monitoring incoming and outgoing traffic, and blocking compromised third parties from reaching infrastructure. For healthcare organizations, this means their large, complicated networks can be secured from insider and outsider threats, with CleanINTERNET observing all traffic, including medical IoT devices that connect outwardly, and proactively identifying and blocking cyber threats.
When CleanINTERNET is installed, we find that around 1 in 4 networks contain compromised hosts that are already exfiltrating data, and nearly all networks find unexpected traffic. CleanINTERNET’s traffic analysis and deep packet inspection quickly give you visibility of these threats and show you what threat actors see when scanning your network. By aggregating, managing, and delivering thousands of cyber threat intelligence feeds for you, we dramatically decrease the number of false positives your business gets, alleviating the burden on your security team and making existing security tools more viable. CleanINTERNET saves millions of dollars on separate CTI feeds, offering immeasurable security at an affordable price and making us one of the best solutions for securing healthcare organizations.