Is there a way for healthcare providers to prevent cyber-attacks from spreading?
By Antoine Korulski, Product Marketing Manager, Infinity architecture
Highlights:
- The healthcare sector was the most targeted industry for ransomware during the third quarter of 2022, with one in 42 organizations impacted by ransomware.
- 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; Gartner concluded that having too many security vendors results in complex security operations and increased security headcount.
- Save the date: December 7th for a Healthcare CISO Talk.
What’s the most effective way to achieve cyber resilience: to consolidate security or to take a best-of-breed vendor approach? It’s a long-debated topic within IT circles, with each option offering viable technical and business arguments. As a CISO, every conclusion you come to will impact your cyber security effectiveness for years to come.
A recent survey by the Ponemon Institute stated that more than 20 percent of healthcare organizations reported increased patient mortality rates after experiencing a significant cyberattack, and another 57 percent said they experienced poor patient outcomes.[1] Additionally, the study identified four common types of attacks: cloud compromise, ransomware, business email compromise/phishing, and supply chain.
Successful cyberattacks on healthcare organizations can be disruptive and even deadly.
In this post, we use the healthcare industry to illustrate how a consolidated security approach can best assess and address your organization’s security gaps. Healthcare facilities such as hospitals, clinics, labs, and other medical environments offer a broad and complex attack surface. These facilities include networks, cloud infrastructure, desktop and mobile endpoints, as well as network-connected IoT devices. The latter are sensor-driven medical devices that track and monitor in real time; most are not designed with security in mind.
Healthcare providers’ dynamic environments also introduce complex layers of user types and access privilege levels that can make sensitive personally identifiable information (PII) and other medical data ripe targets for cyber thieves. There is also the emergence of breaches initiated by nation-state-sponsored cyber gangs, which can select specific targets to damage reputations.
The cost of a breach in the healthcare industry went up 42% in the past 24 months. For the 12th year in a row, healthcare had the highest average data breach cost of any industry, with the average total cost of a breach ballooning to $10.10M. (Source: IBM and CPR)
The challenges of the healthcare system’s multi-vendor environment
Is security consolidation a viable option for healthcare professionals to consider? If so, how will it significantly enhance an organization’s security posture, improve security operational efficiency, and greatly reduce TCO (Total Cost of Ownership)?
In its CISO Effectiveness Survey, Gartner reported that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio; 12% have 46 or more. It concluded that having too many security vendors results in complex security operations and increased security headcount.[2] Eight percent of respondents saw vendor consolidation as an avenue for a more efficient security strategy. Where IT budgets are often constrained, the question arises: how do healthcare CISOs deal with the bloat of security products?
Consolidation is a big desire from customers—possibly a response to the tool sprawl that we mentioned earlier. There is a feeling in the market that there might already be too many companies, so it’s not just about more innovation but also building integrated platforms so customers can go to one place and get more baskets of services.[3]
Healthcare organizations heavily targeted
Check Point Research (CPR) reported that on average the healthcare sector experienced 1426 weekly attacks, a 60 percent increase in 2022 over the previous year.[4] Some of the most high-profile attacks have targeted healthcare organizations. In recent weeks, it was reported that the National Health Service (NHS) had suffered an attack and several services, including NHS 111, some urgent treatment centers, and some mental health providers, were taken offline.[5] The ransomware attack targeted a software supplier for 111 telephone advice services, GP surgeries, and some specialist mental health trusts.
Deryck Mitchelson, Field CISO, Check Point, said that the NHS service’s threat landscape has grown significantly, with the increased likelihood of major cyber-attacks at any time.[1]
Today’s ransomware economy is a complex operation extorting millions of dollars per ransom, holding entire organizations captive under the threat of a total system shutdown. As a business model, Ransomware-as-a-Service (RaaS) has seen the appearance of low-cost affiliate programs that allow any criminal to get involved. In one recent case, “diabolical” is the term used to describe a cyberattack on a major Paris hospital.[2] A wide range of IT systems were paralyzed, and the threat actor demanded $10 million to unlock them and threatened to release patient data. In the attack’s aftermath, hospital staff struggled to provide emergency services, and patient data and prescriptions had to be handled manually.
Besides ransomware attacks, healthcare organizations – in line with every industry – can expect to experience a vast array of attack methods, including phishing, various botnet attacks, distributed denial of service, and more.
Check Point Infinity ELA
Healthcare depends on innovative solutions and services, and any disruption can endanger lives and livelihoods.
What actions can CISOs take to better ensure the protection of their organizations?
One answer is to consider the use of a consolidated security platform designed to guard against today’s critical zero-day and fifth-generation threats across the network, cloud, IoT, and endpoints. Check Point Infinity architecture leverages Check Point’s ThreatCloud, a real-time global threat intelligence platform that monitors networks around the world for emerging threats and vulnerabilities.
Check Point Infinity is based on a flexible ELA (enterprise license agreement) that can be tailored to an organization’s specific requirements and individual application priorities. Infinity ELA’s simplified pricing structure is clear and streamlined, allowing an organization to deploy security solutions gradually and optimize costs. As an example, one may want to address endpoint security first, and at a later point, focus on network security. The Infinity consolidated security architecture achieves a reduction of security total cost of ownership (TCO) by an average of 20 percent.
Join us for the Healthcare CISO Talk on December 7th.
A panel of three security executives will discuss challenges and opportunities in securing life-critical IT infrastructures.