Over the last decade the healthcare industry has famously been one of the industries most targeted by hackers. This fact was recently validated by IBM’s annual Cost of a Data Breach report conducted by the Ponemon Institute.
The report examined 524 organizations from a wide range of industries and regions that experienced a data breach between August 2019 and April 2020. Researchers interviewed over 3,200 individuals with direct knowledge of those incidents to establish the costs of discovering and responding to each breach.
The report indicates that the healthcare industry pays the highest price for data breaches, with costs reaching $7.13 million annually as opposed to an average cost of $3.86 million across all sectors. It also shows that these figures rose 10.5% from the 2019 report, the largest increase of any industry.
One of the primary reasons for healthcare organizations being so susceptible to attacks is the vast number of users and types of users that require access to the hospital networks and resources. This creates a large attack surface for hackers to exploit, allowing them to gain access to hospital networks and wreak havoc.
Challenges of Maintaining a Healthcare System
Trying to map the different types of users a healthcare organization has can prove to be a challenge, as there is a wide variety of them:
- Employees and administrators of the healthcare organization
- Third-party users such as contractors and other healthcare organizations
- Connected devices such as medical and IoT devices
Consider the need to grant each user the appropriate access and you’ll find even more challenges:
- Controlling and securing remote access to healthcare resources for external users – This requires supporting different types of users, such as employees and contractors. Access should be granted only once trust is established, and users should be kept off the network when accessing data. The system should also support both VPN and non-VPN users, WFH (work from home) and BYOD users, and legacy applications.
- Controlling and securing access to healthcare organization resources for internal users – As with external users, here too users should be kept off the network when accessing data, and legacy applications should be supported. Additionally, MFA should be added in front of applications that lack native MFA support.
- Controlling access between different network segments – The IT and OT networks should be segmented in order to separate the medical devices’ network from other networks and to prevent lateral movement between them.
- Preventing malware propagation on file shares – Malware must be prevented from encrypting file shares in order to reduce the risk of ransomware attacks.
- Complying with regulations such as HIPAA
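The "add MFA in front of applications without MFA support" challenge above is usually solved by placing a gate between the user and the legacy application, so that the application is never reached until a second factor has been verified. The following is an added illustration of that pattern, not code from Safe-T or the ZoneZero product: it implements RFC 6238 TOTP from scratch and wraps a stand-in legacy app (`legacy_app`) in a hypothetical `MfaGate`. The user name, the TOTP seed (the RFC 6238 reference seed) and the assumption that an identity provider has already checked the first factor are all constructed for the demo.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from Unix time."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step plus `window` neighbours either side (clock skew),
    comparing in constant time so the check does not leak matching prefixes."""
    return any(
        hmac.compare_digest(totp(secret, at + drift * step, step), code)
        for drift in range(-window, window + 1)
    )


class MfaGate:
    """Hypothetical front door for a legacy application that has no MFA of its own.

    The primary factor is assumed to be checked by an identity provider and
    passed in as a boolean; the gate adds the second factor and only then
    forwards requests, so the backend is never reached by an untrusted session."""

    def __init__(self, seeds: dict, backend):
        self._seeds = seeds          # user -> TOTP seed (constructed sample data)
        self._backend = backend      # callable(user, path) -> (status, body)
        self._sessions = set()       # users who have completed both factors

    def login(self, user: str, first_factor_ok: bool, code: str, now=None) -> bool:
        now = int(time.time()) if now is None else now
        seed = self._seeds.get(user)
        if not first_factor_ok or seed is None or not verify_totp(seed, code, now):
            return False
        self._sessions.add(user)
        return True

    def request(self, user: str, path: str):
        # Requests from sessions without a verified second factor stop here.
        if user not in self._sessions:
            return 401, "mfa required"
        return self._backend(user, path)


def legacy_app(user: str, path: str):
    """Stand-in for an application that trusts whoever reaches it."""
    return 200, f"{path} served to {user}"


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 reference seed (SHA-1)
    gate = MfaGate({"dr_smith": seed}, legacy_app)
    print(gate.request("dr_smith", "/records"))                  # (401, 'mfa required')
    print(gate.login("dr_smith", True, totp(seed, 59), now=59))  # True
    print(gate.request("dr_smith", "/records"))                  # (200, '/records served to dr_smith')
```

The seed check uses `hmac.compare_digest` rather than `==` so a wrong code is rejected in constant time, and the skew window is kept to one step either side; widening it makes guessing easier and should be a conscious policy decision.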
Safe-T’s ZoneZero Solution
Safe-T has developed a solution that can change the way healthcare organizations grant secure access to their services. ZoneZero is the first ever Perimeter Access Orchestration platform; it provides central management of all secure access technologies and helps organizations achieve Zero Trust Network Access (ZTNA). The solution incorporates modules such as:
- ZoneZero SDP – a client-less ZTNA solution for non-VPN users
- ZoneZero VPN – a ZTNA solution for VPN users, achieved by integrating with all VPN solutions
- ZoneZero MFA – a ZTNA solution for internal users, achieved by providing built-in MFA and integration with third-party MFA and identity providers (IdPs)
- ZoneZero SFA – an SMB proxy for Windows file shares, converting SMB to HTTPS and adding MFA for file share access
Safe-T’s ZoneZero solution also allows healthcare organizations to support all access scenarios, including:
- All user types – people (managed or unmanaged), applications, APIs, and connected medical devices
- All user locations – external or internal
- All application types – new or legacy
- All application locations – cloud or on-premises
The solution provides all types of entities with secure, transparent, and controlled access to any internal applications, services, and data, including HTTP/S, SMTP, SFTP, SSH, APIs, RDP, SMB, and WebDAV.
Implementing Safe-T’s patented reverse-access (outbound) technology eliminates the need to open incoming ports in the organization’s firewall, enhancing the system’s security. The technology gives healthcare organizations the ability to logically segment their networks and prevent lateral movement between IT, OT, and medical device networks.
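The property described above, that no inbound port has to be opened on the internal firewall, follows from the connection direction: a component inside the protected network dials out to a relay, and external requests are carried back over that outbound connection. The following is an added, generic illustration of that outbound-initiated pattern written for this page; it is not Safe-T’s implementation and makes no claim about how ZoneZero works internally. The `Relay`, `internal_agent`, `legacy_app` and `external_client` names, the one-line request/response protocol and the use of localhost for all three parties are constructed for the demo.

```python
import socket
import threading

HOST = "127.0.0.1"  # constructed demo: every party runs on localhost


def _recv_line(sock):
    """Read until a newline or EOF; the demo protocol is one request line, one response line."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf


def _listener():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, 0))  # ephemeral port
    s.listen(5)
    return s


class Relay:
    """Hypothetical relay outside the protected network (DMZ or cloud).

    It owns two listening sockets: one that the internal agent dials *out* to,
    and one that external clients connect to. The relay never opens a
    connection toward the internal network, so the internal firewall needs
    only an outbound rule and no inbound port."""

    def __init__(self):
        self.agent_listener = _listener()
        self.client_listener = _listener()
        self.agent_port = self.agent_listener.getsockname()[1]
        self.client_port = self.client_listener.getsockname()[1]

    def serve_one(self):
        # The internal side must have dialed out before any client is served.
        agent, _ = self.agent_listener.accept()
        client, _ = self.client_listener.accept()
        request = _recv_line(client)
        agent.sendall(request)             # hand the request to the internal agent
        client.sendall(_recv_line(agent))  # relay the agent's answer back out
        agent.close()
        client.close()
        self.agent_listener.close()
        self.client_listener.close()


def internal_agent(relay_host, agent_port, app):
    """Runs inside the protected network. Its only network action is an
    outbound connection to the relay; requests arrive over that channel."""
    with socket.create_connection((relay_host, agent_port)) as s:
        request = _recv_line(s)
        s.sendall(app(request))


def legacy_app(request):
    """Stand-in for an internal service that is never exposed directly."""
    return b"ok:" + request.strip().upper() + b"\n"


def external_client(relay_host, client_port, line):
    """An external user talks only to the relay, never to the internal host."""
    with socket.create_connection((relay_host, client_port)) as s:
        s.sendall(line)
        return _recv_line(s)


def demo():
    relay = Relay()
    t_relay = threading.Thread(target=relay.serve_one)
    t_agent = threading.Thread(target=internal_agent, args=(HOST, relay.agent_port, legacy_app))
    t_relay.start()
    t_agent.start()
    response = external_client(HOST, relay.client_port, b"get schedule\n")
    t_relay.join()
    t_agent.join()
    return response


if __name__ == "__main__":
    print(demo())  # b'ok:GET SCHEDULE\n'
```

On a real deployment the relay and the agent would authenticate each other (mutual TLS) and the relay would enforce the access policy before forwarding anything; the point the demo isolates is that all three connections in `demo()` are initiated either by the external client or by the internal agent, and none is initiated toward the internal host.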