It’s Time for a Converged Approach to Healthcare Cybersecurity

The Claroty Team
/ November 15th, 2022

Silos have a natural tendency to form within any organization as different groups are tasked with different roles and responsibilities, and they are often the result of rapid growth or change. Unfortunately, silos tend to leave groups focused on their own day-to-day activities, which may not be in sync with the big-picture view of the organization. When organizational silos lose sight of common goals, the disconnect leads to inefficiencies and exacerbated risk. In the case of healthcare delivery organizations (HDOs), organizational silos can ultimately affect the availability and safety of operations and care.

Siloed Teams Can Create Healthcare Cybersecurity Blind Spots

HDOs can't afford to leave blind spots in their cyber-defense strategy, and we don’t have to look far for evidence of this. Threat actors will take advantage of any gaps in an HDO's defense perimeter, launching attacks that may disrupt delivery of services. In fact, two-thirds of healthcare organizations surveyed by HIMSS experienced significant security incidents in the past 12 months, with the most damage resulting from phishing and ransomware attacks. And a recent joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) warns that the “Daixin Team” has been disproportionately targeting the healthcare sector with ransomware and data extortion techniques since at least June 2022. This cybercrime group has gained access to HDOs via unpatched vulnerabilities and compromised credentials to encrypt servers responsible for patient services, including diagnostics and imaging. Cyber threats to healthcare organizations are so pervasive that the White House is currently focusing on creating additional healthcare cybersecurity standards and guidance.

The cyber risks facing healthcare organizations are growing rapidly as digital transformation takes off and devices are increasingly connected to the internet. The good news is that by bridging the divide between silos, HDOs can strengthen security and mitigate risk to their operations while maximizing efficiencies and continuing their journey to become smart hospitals. The time to get started is now.

Common Healthcare Cybersecurity Silos to Avoid

When it comes to cybersecurity, HDOs often run the risk of forming three different siloed groups:

  1. IT/Cybersecurity is focused on protecting the privacy and integrity of the hospital's systems and data and the general reliability of the infrastructure they connect to and flow through.

  2. BioMed is focused on the devices and the ongoing ability to efficiently and effectively use them to deliver care.

  3. Business units (procurement, finance, operations, etc.) are focused on operations and all the business functions needed to keep the HDO going.

Everyone within the HDO exists for the same common purpose—to deliver the highest quality care possible to optimize patient outcomes. However, each group uses different tools and processes and goes about their activities in different ways with limited understanding of the inter-dependencies and potential impact on others. If not mitigated through effective coordination and management, cybersecurity blind spots created by organizational silos can prevent essential teams from doing their jobs and can disrupt care. 

The Importance of Bridging the Healthcare Cybersecurity Divide

Imagine the following scenario: 

The security team of a large academic hospital recently upgraded the code on its wireless infrastructure to improve security. The change was coordinated with the BioMed team ahead of time, and both teams believed it would not affect BioMed's devices at all. Once the upgrade began, however, a number of systems were unable to reconnect, disrupting the hospital’s ability to deliver care.

The root cause analysis showed that the affected devices connected using an older version of a wireless security standard that was incompatible with the upgrade. Had the security team had visibility into this level of device detail, it might have avoided the issue, but the data lived in one of BioMed’s tools, which meant that neither group was able to do its job successfully.
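The pre-change check this scenario calls for, as an added example that is not Claroty's code or part of the original post: it joins a BioMed inventory export against IT's planned wireless security policy and reports every device that would not reconnect after the upgrade. The field names, security-mode labels, SSIDs and inventory records are all constructed for illustration.

```python
# Added example (not from the original post): cross-reference the BioMed device
# inventory with the planned WLAN security policy so devices that would fail to
# reconnect surface before the change, not after. All data below is constructed.
from collections import defaultdict

# Constructed: security modes each SSID will accept once the upgrade is applied.
PLANNED_WLAN_POLICY = {
    "CLINICAL-DEVICES": {"WPA2-PSK-AES", "WPA3-PSK"},
    "STAFF": {"WPA2-ENT", "WPA3-ENT"},
}

# Constructed BioMed inventory records, as a visibility tool might export them.
BIOMED_INVENTORY = [
    {"asset": "INFUSION-014", "ssid": "CLINICAL-DEVICES", "wlan_security": "WPA-TKIP", "criticality": "high"},
    {"asset": "MONITOR-221", "ssid": "CLINICAL-DEVICES", "wlan_security": "WPA2-PSK-AES", "criticality": "high"},
    {"asset": "XRAY-CART-03", "ssid": "CLINICAL-DEVICES", "wlan_security": "WPA-TKIP", "criticality": "medium"},
    {"asset": "PRINTER-7F", "ssid": "STAFF", "wlan_security": "WPA2-ENT", "criticality": "low"},
    {"asset": "ULTRASOUND-09", "ssid": "GUEST", "wlan_security": "OPEN", "criticality": "medium"},
]


def find_incompatible(inventory, policy):
    """Return devices whose current security mode the post-upgrade policy rejects.

    A device on an SSID the plan does not mention is flagged too: the change
    plan has no record of it, which is exactly the blind spot to surface.
    """
    flagged = []
    for dev in inventory:
        allowed = policy.get(dev["ssid"])
        if allowed is None:
            flagged.append({**dev, "reason": "ssid not covered by upgrade plan"})
        elif dev["wlan_security"] not in allowed:
            flagged.append({**dev, "reason": f"{dev['wlan_security']} not accepted after upgrade"})
    return flagged


def summarize(flagged):
    """Count flagged devices per criticality so the change board sees clinical impact."""
    counts = defaultdict(int)
    for dev in flagged:
        counts[dev["criticality"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = find_incompatible(BIOMED_INVENTORY, PLANNED_WLAN_POLICY)
    for dev in hits:
        print(f"{dev['asset']:14} {dev['ssid']:17} {dev['reason']}")
    print("impact by criticality:", summarize(hits))
```

Run against the constructed data, the check flags the two legacy-mode infusion and X-ray devices and the ultrasound cart on an SSID the plan never covered, which is the information the security team lacked in the scenario.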

This example clearly demonstrates why it is imperative to close the divide. Only when HDOs remove silos can they start to improve their ability to move forward, together, towards the common goal of improving patient outcomes and transition into the smart hospitals of the future. The effort will require a convergence project based on regular, cross-functional collaboration among diverse stakeholders from all departments to achieve alignment with each other’s missions and the overall vision of the hospital. Tools, technologies, and processes will need to be shared across teams and integrated in appropriate and meaningful ways to improve security and operational efficiencies.

Initiating Healthcare Cybersecurity Convergence

With a clear understanding of why a convergence project is needed, the next step is to understand how to go about it. Leaders of all levels of the healthcare enterprise are going to play a significant role and will ultimately be responsible for the success of the project. The critical success factor is ensuring diverse teams are able to work together to generate innovative solutions to complex problems. The following three principles will help create a convergence culture and foster cross-functional teamwork.

  • Principle 1: Demonstrate a commitment to developing an open, inclusive culture that values diversity of title, role, department, experience, and function.

  • Principle 2: Demonstrate a willingness to be flexible in the way problems are approached to explore all ideas and consider all perspectives.

  • Principle 3: Establish the use of a common language to facilitate communication across the organization. For example, do BioMed engineers use a different term for the same device or concept than IT does?

With these principles in place, HDOs can move to the next phase of convergence, interoperability, which is defined by HIMSS as the ability of different information systems, devices, and applications to work together within and across organizational boundaries in order to advance the effective delivery of healthcare for individuals and communities. Having an understanding of all relevant IT, medical, and business devices and systems across the enterprise is essential.

The Scope of Successful Healthcare Cybersecurity Convergence

A converged approach to security and risk mitigation requires detailed visibility into everything—managed and unmanaged—connecting to the network, in order to ensure there are no blind spots and no devices unaccounted for within the healthcare organization’s technology environment, which encompasses:

  • Operational Technology (OT): Within a healthcare environment, OT typically includes such things as building management systems for heating and cooling, refrigeration units, air filtration, power, and other industrial facilities controls needed to keep the building running while creating a safe environment for patient care.

  • Healthcare Extended Internet of Things (XIoT): The healthcare XIoT encompasses the many different types of medical devices and applications that directly relate to patient care. This includes imaging and monitoring devices, such as MRI machines, CT scanners, and vital sign monitors, as well as infusion pumps and defibrillators that interact directly with the physical world and can be considered cyber-physical systems. Sensing, actuating, interface, and support capabilities are also part of the healthcare XIoT and are sometimes overlooked because they operate behind the scenes.

  • Telehealth XIoT: Telehealth is entirely reliant on digital technologies, including remote patient monitoring devices used to extend the reach of the hospital to deliver care. While the telehealth XIoT can be regarded as a subset of the broader healthcare XIoT, it is worth noting separately due to the explosive growth of telehealth amid the COVID-19 pandemic.

  • Traditional IoT: In a healthcare context, this may include devices such as phones, printers, security cameras, and televisions, involved in the general operations of the hospital.

Bridging the Cyber-Physical Cybersecurity Gap in Healthcare

Since all of the technologies described above are connected to common healthcare technology networks, the manner in which these devices are procured, tracked, maintained, and protected must also converge. The mix of fixed and mobile devices—both remote and local—means that any convergence program must take into account both the cyber and physical aspects of the business operations.

The last few years have put unprecedented pressure on HDOs, which continue to be plagued by significant security incidents as they increase connectivity to improve patient care. HDOs today need a “protect to enable” strategy that fuses IT/security, BioMed, and business outcomes to propel healthcare enterprises to the next phase of hyperconnected, smart, and secure organizations. It’s a journey that will vary from one HDO to another, but it will always require cross-functional leadership and collaboration and, when well executed, will ultimately lead to the same destination—improved patient outcomes and business value.

To learn how Claroty can help you define and execute a convergence program for your healthcare organization, request a demo.
