Healthcare delivery is changing, and so are the IT operations and technology stacks that support it. As a result, medical organizations are looking for a new prescription that can help deter ransomware attacks, safeguard protected health information (PHI), and prevent costly and potentially life-threatening downtime. The zero trust security model is fast filling that role in healthcare cybersecurity.
The Changing Healthcare Cybersecurity Landscape
Healthcare organizations differ from the typical enterprise in how they must handle large amounts of sensitive data. They face a particular set of cybersecurity challenges that push them toward a compliance-first strategy.
First and foremost, protected health information (PHI) must be carefully guarded. Healthcare organizations must comply with regulations governing its use, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA). At the same time, PHI is increasingly valuable to cybercriminals, more so than credit card data: a medical record cannot be cancelled and reissued the way a card number can, so it stays useful for insurance fraud and identity theft long after the breach. Successful attacks that steal this kind of data can therefore be lucrative.
In such a highly regulated landscape, healthcare organizations are also changing how they operate. They are adopting cloud-based applications and services to simplify IT operations, increase clinician productivity, and improve patient care and outcomes. More organizations and physicians are embracing telehealth visits and remote patient monitoring using internet-connected sensors. As new cloud applications mix with the existing healthcare IT architecture, which includes numerous on-premises and legacy applications that organizations have relied on for years, the attack surface grows, and with it the number of places where an attacker can gain a foothold.
Today's healthcare organizations also rely on third-party providers and outsourced staff to carry out everyday operations. That makes identity and access management (IAM) harder: accounts must be provisioned, scoped and promptly revoked for people and services the organization does not directly employ.
A Simplified Zero Trust Approach
With so many moving parts in today's healthcare landscape, enterprises need a cybersecurity approach that is dynamic, modern and extensible. The zero trust architecture described by the National Institute of Standards and Technology (NIST) in Special Publication 800-207 fills that need. It grants no implicit trust to any user, endpoint or workload on the basis of network location or asset ownership; every request for an enterprise resource or application is evaluated, whenever and wherever it originates.
Under this model, users and devices are authenticated, authorized and continuously validated independent of network borders. The goals are to shrink the attack surface, to base each access decision on richer context so that automated responses are more accurate, and to restrict lateral movement if a resource is compromised.
A simplified zero trust approach can check off many boxes if employed properly. It needs to be frictionless, both for end users, such as physicians and other care providers, and for IT professionals. It needs to watch each layer where an intrusion can occur: the endpoint, the identity, the network and the data. Using cloud-native security controls to monitor these attack vectors speeds detection and response without the burden of massive log management and complex systems management.
If a breach does occur, the zero trust approach works to contain it. If your building catches fire on the first floor, you need a way to isolate the rest of the building; identity segmentation plays the role of the fire door. Identity segmentation draws access boundaries around identities, that is, the users, service accounts and applications whose attributes change relatively rarely, and decides what each may reach regardless of where on the network it sits. This differs from network segmentation, which draws boundaries around IP ranges, VLANs and other networking components that may change frequently, especially in cloud environments.
Real-time assessment is also key to a smart zero trust approach. An access grant might be valid for two hours, but an endpoint or a user credential can be compromised in a matter of seconds. Understanding what kinds of information are being accessed, and why, builds the context for each decision. Real-time analytics over changing access permissions and risk signals make it possible to automatically allow, block or challenge a request, and they accelerate SecOps teams' investigations when one is required.
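As an added illustration, not code from this article or from any product, here is a small policy decision point in Python that ties the preceding points together: identity segmentation expressed as a role-to-resource map that holds regardless of network location, context such as device posture and credential state feeding every decision, and continuous re-evaluation so that a session granted for two hours is cut off the moment a compromise signal appears. The roles, resource names, thresholds and sample requests are all constructed for the example.

```python
"""Toy zero trust policy decision point (PDP) for an EHR-style environment.

Added illustration only; the roles, resources, thresholds and requests below
are constructed for this example and do not describe any real deployment.
"""
from dataclasses import dataclass

# Identity segmentation: which roles may reach which resources, independent of
# where the request comes from. A compromised identity is confined to its
# segment, like a fire door confining a fire to one floor.
ROLE_SEGMENTS = {
    "clinician": {"ehr.patient_record", "ehr.orders"},
    "billing": {"billing.claims"},
    "imaging_vendor": {"pacs.study_upload"},   # outsourced third party
}
# Resources that contain PHI get stricter handling.
PHI_RESOURCES = {"ehr.patient_record", "pacs.study_upload"}

MAX_AUTH_AGE_PHI = 15 * 60      # re-prove identity for PHI after 15 minutes
MAX_AUTH_AGE_OTHER = 2 * 60 * 60  # the "two-hour grant" for everything else


@dataclass
class AccessRequest:
    subject: str
    role: str
    resource: str
    auth_age_seconds: int        # seconds since the last strong authentication
    device_managed: bool         # endpoint enrolled in the org's MDM/EDR
    device_compromised: bool     # EDR has raised an alert on the endpoint
    credential_flagged: bool     # identity provider flagged the credential


def decide(req: AccessRequest) -> tuple[str, str]:
    """Evaluate one request. Returns (decision, reason) where decision is
    'allow', 'challenge' (step-up authentication) or 'block'."""
    allowed = ROLE_SEGMENTS.get(req.role, set())
    if req.resource not in allowed:
        return "block", "resource outside identity segment"
    # Active compromise signals override any earlier grant.
    if req.credential_flagged or req.device_compromised:
        return "block", "active compromise signal"
    is_phi = req.resource in PHI_RESOURCES
    if is_phi and not req.device_managed:
        return "block", "PHI requires a managed endpoint"
    limit = MAX_AUTH_AGE_PHI if is_phi else MAX_AUTH_AGE_OTHER
    if req.auth_age_seconds > limit:
        return "challenge", "re-authentication required"
    return "allow", "policy satisfied"


def evaluate_session(req: AccessRequest, signals: list[tuple[str, object]]) -> list[tuple[str, str]]:
    """Continuous evaluation: re-run the policy each time a risk signal changes
    during a session, instead of trusting the decision made at login."""
    log = [decide(req)]
    for attr, value in signals:
        setattr(req, attr, value)
        log.append(decide(req))
    return log


if __name__ == "__main__":
    # Constructed walk-through: a clinician opens a patient record on a managed
    # laptop, keeps working, then EDR flags the laptop ten minutes later.
    session = AccessRequest("dr.lee", "clinician", "ehr.patient_record",
                            auth_age_seconds=60, device_managed=True,
                            device_compromised=False, credential_flagged=False)
    for decision, reason in evaluate_session(
            session, [("auth_age_seconds", 600), ("device_compromised", True)]):
        print(f"{decision:9s} {reason}")
    # A billing user asking for a patient record is blocked outright, even from
    # inside the hospital network.
    print(decide(AccessRequest("j.ortiz", "billing", "ehr.patient_record",
                               60, True, False, False)))
```

The ordering of the checks is the design point: segment membership and compromise signals are evaluated before anything else, so neither a long-lived session nor a trusted network location can keep access open once an identity or device is known to be bad, and the "challenge" path lets a clinician with a stale authentication re-prove identity without being locked out.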
Healthcare organizations can implement zero trust in phases, addressing the most urgent requirements first. The first step is a holistic inventory of users and assets, including all on-premises and cloud-based workloads and identities, because a policy cannot govern an identity or workload nobody knows about. Next comes AI-assisted threat detection and prevention against ransomware, at the endpoint layer or the identity layer. Covering legacy applications and optimizing user productivity can follow.
The principle that no access request is implicitly trusted helps healthcare organizations develop a compliance-first, intelligent and frictionless approach to cybersecurity. It is no wonder that they are increasingly leaning on zero trust as an effective cure for their complex security challenges.