Currently, there are 7.1 million patients using connected medical devices and remote monitoring. Additionally, healthcare providers are expected to spend $9.5 billion on cloud services by 2020, with most organisations using a multi-cloud environment. These data points demonstrate that hospitals are putting more trust in these systems to store and analyse medical data, without necessarily revamping security measures.
In fact, the UK’s National Health Service (NHS) has recently given hospitals and healthcare providers the go-ahead to begin storing confidential patient information in the public cloud. This is a notable shift in the level of trust healthcare providers are affording to the cloud, especially given the WannaCry ransomware attack that shut down the NHS in May 2017, as well as new regulations such as the General Data Protection Regulation (GDPR) taking effect. Despite the cyber risks associated with these adoptions, healthcare organisations are moving forward due to the benefits they can provide.
A 2017 study revealed that more than 25% of all data breaches were related to the healthcare space, resulting in an estimated $5.6 billion lost to cybercrime per year. This is because cybercriminals have been working to make their attacks more advanced to easily target entryways such as connected devices, cloud and multi-cloud environments and evade detection by most legacy security solutions in place.
One way that cybercriminals have moved that attack needle is by adopting automation and machine learning to carry out complex attacks at a rapid pace, creating malware designed to detect and evade security devices. Botnets such as Reaper have been made more sophisticated, enabling them to target multiple vulnerabilities at once, while polymorphic malware allows for hundreds of variations of a threat to be created for different purposes in a matter of hours.
New malware is also being developed to target the seams between different networked systems, especially multi-cloud, and threat predictions indicate that cyber criminals will begin to target cloud service providers directly in the coming year. With the healthcare space continuing their push toward digital transformation, and cybercriminals adapting attacks accordingly, there must be a correlating cybersecurity transformation as well.
With automation, polymorphic malware, malware as a service, and more all already in place, carrying out cyberattacks has become inexpensive for criminals, but increasingly expensive for their targets. One key to the healthcare security transformation is flipping this paradigm.
Combatting cyber threats
To combat modern threats, healthcare organisations need an integrated security architecture that can span their distributed network and provide automated security. The release of Fort iOS 6.0 brings hundreds of new security capabilities to organisations already running or moving to adopt the most widely distributed security operating system. For healthcare organisations, it’s expanded IoT, multi-cloud, and SD-WAN security capabilities are especially relevant.
Just as cybercriminals are harnessing automation and artificial intelligence (AI) to make attacks more effective, organisations must use this same technology to fortify defences. FortiGuard AI is our latest solution, built from the ground up, to address these automated attacks.
To continue to build the next generation of cybersecurity, Fortinet has also updated its Threat Intelligence Services (TIS). TIS provides visibility into network activity and metrics, delivered through the cloud. This information gives healthcare security teams an understanding of their threat landscape, allowing them to shift their focus and prioritise to meet current threats.
Healthcare organisations are a major target for cybercriminals, who are now developing new methods of attack to take advantage of digital transformation. As these advanced new forms of malware, botnets, and more are distributed automatically at a mass scale, the status quo of cybersecurity methods will not be sufficient to protect health networks. To continue to innovate, healthcare providers must also transform how they approach network security.