The Global State of CPS Security 2024: Business Impact of Disruptions
Get the Survey Report
Claroty Toggle Search
Return to Blog

It’s Time for a Converged Approach to Healthcare Cybersecurity

/ / 8 min read
Top Converged Approaches for Healthcare Cybersecurity

Silos have a natural tendency to form within any organization as different groups are tasked with different roles and responsibilities, and they are often a result of rapid growth or change. Unfortunately, silos often create situations where teams become focused on their own day-to-day activities, causing them to become  out of sync with the big-picture view of the organization. Inefficiencies are bound to arise when organizational silos lose sight of common goals, and this disconnect can lead to massive inefficiencies and exacerbated risks. In the case of healthcare delivery organizations (HDOs), organizational silos can impact the availability and safety of operations and care — that’s why a unified healthcare cybersecurity approach is needed to eliminate inefficiencies and protect patients.  

Siloed Teams Can Create Healthcare Cybersecurity Blind Spots

HDOs can't afford to have  blind spots in their cyber-defense strategy, and we don’t need to look far for evidence of this. Threat actors will take advantage of any gaps in a HDO's defense perimeter, launching attacks that may disrupt delivery of services. In fact, two-thirds of healthcare organizations surveyed by HIMMS experienced significant security incidents in the past 12 months, with the most damage resulting from phishing and ransomware attacks.  A recent joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Agency (CISA) and the Department of Health and Human Services (HHS) also warns of the “Diaxin Team” which has been disproportionately targeting the healthcare sector with ransomware and data extortion techniques since at least June 2022. This cybercrime group has gained access to HDOs via unpatched vulnerabilities and compromised credentials to encrypt servers responsible for patient services, including diagnostics and imaging. Cyber threats to healthcare organizations are so pervasive that the White House has come out with a National Cybersecurity Strategy that outlines how the Executive Branch plans to approach cyberthreats to the nation’s increasingly hyper-connected critical infrastructure.  

The cyber risks facing healthcare organizations are growing exponentially as digital transformation shows no signs of slowing down and medical devices are increasingly connected to the internet. The good news is that by bridging the divide between silos, HDOs can strengthen security and mitigate risk to their operations while maximizing efficiencies. The time to get started is now, and Claroty is here to help.

Common Healthcare Cybersecurity Silos to Avoid

When it comes to cybersecurity, HDOs often run the risk of forming three different siloed groups:

  1. IT Cybersecurity: Focused on protecting the privacy and integrity of the hospital's systems and data, and the general reliability of the infrastructure they connect to and flow through. 

  2. BioMed: Focused on the devices and the ongoing ability to efficiently and effectively use them to deliver patient care.

  3. Business Units (Procurement, Finance, Operations, etc.): Focused on operations and the business functions needed to keep the HDO going.

Everyone within the HDO exists for the same purpose — to deliver the highest quality care possible and to optimize patient outcomes. However, each group uses different tools and processes, approaching their activities in different ways, with limited understanding of inter-dependencies and potential impact on others departments. If not mitigated through effective coordination and management, these cybersecurity blind spots created by organizational silos can prevent essential teams from doing their jobs and can disrupt care. 

The Importance of Bridging the Healthcare Cybersecurity Divide

Imagine the following scenario: 

The security team of a large academic hospital recently did a code upgrade to its wireless infrastructure to improve its security. The action was coordinated with the BioMed team ahead of time, and it was thought that the code change would not affect their devices at all. Once the upgrade began, however, a number of systems were unable to reconnect, disrupting the hospital’s ability to deliver care. 

The root cause analysis showed the affected devices were using an older version of a wireless security standard to connect, which was incompatible with this upgrade. If security had visibility into this level of device detail, they may have been able to avoid the issue, but the data was contained in one of biomed’s tools which meant that neither group was able to perform their jobs successfully.

This example clearly demonstrates why it is imperative to close the divide. Only when HDOs remove silos can they start to improve their ability to move forward, together, towards the common goal of improving patient outcomes and transition into the smart hospitals of the future. This effort will require a convergence project based on regular, cross-functional collaboration among diverse stakeholders from all departments to achieve alignment with each other’s missions and the overall vision of the hospital. Tools, technologies, and processes will need to be shared across teams and integrated in appropriate and meaningful ways to improve security and operational efficiencies.

Initiating Healthcare Cybersecurity Convergence

With a clear understanding of why a convergence project is needed, the next step is to understand how to go about it. Leaders at all levels of the healthcare enterprise need to play a significant role and will ultimately be responsible for the success of the project. The critical success factor is ensuring diverse teams are able to work together to generate innovative solutions to complex problems. The following three principles will help create a convergence culture and foster cross-functional teamwork.

  • Principle 1: Demonstrate a commitment to developing an open, inclusive culture that values diversity of title, role, department, experience, and function.

  • Principle 2: Demonstrate a willingness to be flexible in the way problems are approached to explore all ideas and consider all perspectives.

  • Principle 3: Establish the use of a common language to facilitate communication across the organization. For example, do BioMed engineers know this as something different than IT does?

With these principles in place, HDOs can move onto the next phase of convergence, which is interoperability.This is defined by HIMSS as the ability of different information systems, devices, and applications to work together within and across organizational boundaries in order to advance the effective delivery of healthcare for individuals and communities. Having an understanding of all relevant IT, medical, and business devices and systems across the extended internet of things (XIoT) in this phase  is essential.

The Scope of Successful Healthcare Cybersecurity Convergence

A converged approach to security and risk mitigation requires detailed visibility into everything — managed and unmanaged — connecting to the network. This ensures there are no blind spots and no devices unaccounted for within the healthcare organization’s technology environment, including:

  • Operational Technology (OT): Within a healthcare environment, OT typically includes building management systems (BMS) for heating and cooling, refrigeration units, air filtration, power, and other industrial facilities controls needed to keep the building running while creating a safe environment for patient care.

  • Healthcare XIoT: The healthcare XIoT encompasses the many types of medical devices and applications that directly relate to patient care. This includes monitoring devices, such as MRI machines, CT scanners, and vital sign monitors, as well as infusion pumps and defibrillators that interact directly with the physical world and can be considered cyber-physical systems. Sensing, actuating, interface, and support capabilities are also part of the healthcare XIoT and are sometimes overlooked as they operate behind the scenes.

  • Telehealth XIoT: Telehealth is entirely reliant on digital technologies, which include remote patient monitoring devices used to extend the reach of the hospital to deliver care. While the telehealth XIoT can be regarded as a subset of the broader healthcare XIoT, it's worth noting due to the explosive growth of healthcare amid the COVID-19 pandemic. 

  • Traditional IoT: In a healthcare context, this may include devices such as phones, printers, security cameras, and televisions, all involved in the general operations of the hospital.

Bridging the Cyber-Physical Cybersecurity Gap in Healthcare

Since all of the technologies described above are connected to common healthcare technology networks, the way  these devices are procured, tracked, maintained, and protected must also converge. Having a mix of devices, both remote and local,  means that any convergence program must take into account the cyber and physical aspects of business operations. 

The last few years have put unprecedented pressure on HDOs who continue to be plagued by significant security incidents as they increase connectivity to improve patient care. HDOs today need a “protect to enable” strategy that fuses IT/security, BioMed, and business outcomes to propel healthcare enterprises to the next phase of hyperconnected, smart, and secure organizations. This journey will vary from one HDO to another, but it will always require cross-functional leadership and collaboration and, when well executed, will lead to the same destination — improved patient outcomes and business value. 

How Claroty Can Help 

Medigate by Claroty has developed an innovative operational assessment framework called “The Real-Time Healthcare Convergence Maturity Assessment” (CMA). This online self-assessment tool can help your organization to identify gaps in your security strategy to better assess and manage your enterprise risk. This framework provides a way for HDOs to assess their convergence maturity and determine the actual day-to-day risks they need to know about. Uncovering the areas of risk that live across traditional silos within your organization will allow you to address them head-on and eliminate future risk. To learn more about how Claroty can help your organization develop the right healthcare cybersecurity approach for your unique environment, read this whitepaper.

Stay in the know Get the Claroty Newsletter

Interested in learning about Claroty's Cybersecurity Solutions?

Claroty
LinkedIn Twitter YouTube Facebook