Composed of several disparate systems and teams, consolidating data is a significant challenge for many hospitals. Juggling emerging technologies with IoT adoption is causing the attack surface to rapidly expand, while remote administrative and IT workforces only make the environment more complex. Hackers are continuing to relentlessly target healthcare, with ransomware incidents already up a shocking 328%, just in the first half of 2022.
Between these cyber pressures and the growing number of analyst-proposed methods and acronyms being offered to boost security, determining the best cyber strategy for an entire health system can be overwhelming.
Many have turned to zero trust architecture (ZTA) to help. This calls for organizations to embrace a ‘never trust, always verify’ approach by authenticating and vetting users at every access point. It suggests a holistic framework for implementing the most essential security solutions like identity verification and multifactor authentication (MFA) to prevent lateral movement across a network. However, if not done strategically, ZTA can hinder productivity and create unknown in gaps in the security system.
Some healthcare delivery organizations (HDO) utilize a variety of siloed solutions to achieve ZTA, but it doesn’t always create the most efficient or sustainable workflow. Instead, strong integrations between technologies are critical for an effective system that benefits both CISOs and end users. Fortunately, there’s a new analyst term that builds upon ZTA to encourage this: cybersecurity mesh architecture (CSMA).
Extending beyond zero trust, cybersecurity mesh offers a comprehensive, well-integrated foundation for health systems to increase defenses around every digital identity and access point. To understand what led to the development of this concept, let’s look at the biggest changes in healthcare’s cyber environment.
Changes in healthcare’s cyber landscape
Covid-19 enabled cybercriminals to thrive. With hospitals rushing to adjust and support their remote workforces and access for third parties (let alone treat an influx of patients), bad actors started to prey on the vulnerabilities created by a weakened security posture.
The traditional perimeter for how users accessed the network was dissolved. Virtual private networks (VPN) and remote desktop protocol (RDP) used to be effective enough in preventing breaches. But surging ransomware attacks proved that was no longer the case. Hackers began to exploit the vulnerabilities this situation created, with one of their main gateways to access being unsecure third-party integrations. And the problem hasn’t slowed down since then – in fact, 55% of healthcare organizations experienced a third-party breach in the last 12 months.
IoT adoption also grew and became integrated into hospital systems. As users connected to the network from different locations and cloud-based applications, a decentralized environment emerged and brought on new risks that weren’t a factor in the old ‘castle-and-moat’ security strategy. This decentralization created more opportunities for lateral movement across the network, giving hackers the ability to breach digital identities and lay low while looking for the most sensitive assets to attack – like patient information.
This digital environment is surely unsustainable. Although many are taking steps to bolster their security through ZTA, utilizing cybersecurity mesh could take the strategy one step further to provide a stronger and more adaptable framework, boosting defenses from all angles.
What is cybersecurity mesh?
One of the most popular analyst terms in 2022, cybersecurity mesh is a defense method for securing each device and critical access points with their own security perimeter. It builds a foundation of dynamic interoperability in the environment, rather than the traditional security protections of a single perimeter. This lays the groundwork for organizations to build and extend their ZTA.
CSMA should be viewed as an interconnected identity fabric. As healthcare embraces digitalization in the age of ransomware warfare, there’s an urge to implement several protections as quickly as possible. However, there always needs to be a strategic method behind new implementations. In CSMA’s case, the ‘meshing’ of solutions must be cohesive. Between the cloud, on-premises infrastructure, or hybrid environments, CSMA supports and protects digital identities. In addition, it leverages analytics to keep organizations capable of responding quickly in the case of an attack or breach. That in turn provides shared intelligence that triggers actions across several systems.
Although cybersecurity mesh, like zero trust, might be viewed as another buzzword, all organizations, especially healthcare, should consider this method when building a digital identity strategy.
Getting started with cybersecurity mesh
With attacks only increasing, the time to bolster security is now. Gartner estimates that by 2024, in the event of a cyber incident, organizations with CSMA will reduce their financial impact by an average of 90%. To enable healthcare to focus less on the next breach and more on providing patient care, start by answering these questions:
- What are the most critical access points at your organization? Understanding how and where your most important data is accessed is critical. Build access policies around those points and decide the best authentication methods from there.
- What is needed to implement ZTA? Determine an outline for achieving ZTA by enforcing an approach that denies trust and makes users verify their identity at every touchpoint. Move away from VPN and RDP to prevent cyber criminals from moving across the organization laterally.
- Where can analytics be used to monitor and audit user access and behavior? There are many different tools organizations can use for this – from screen-recording privileged access sessions to conducting analysis. This is an effective way to provide insight into how users are interacting with sensitive information. It’s also a simple way to identify any suspicious activity that creates a potential risk for a breach while giving them the tools to prevent one before it’s too late.
- Have you closely assessed the third parties your business works with? With third-party integrations being a primary access point for bad actors to breach, analyze your connections with all third parties. This improves visibility into their external operations, allowing you to vet their processes and verify external users.
Cybersecurity mesh is an extremely valuable tool for healthcare systems to improve their security and protect their digital identities from all angles. As cyber threats become more sophisticated, taking steps toward cybersecurity mesh could save organizations a lot of time, energy, and money in the long run.
Wes Wright is the Chief Technology Officer at Imprivata. Wes brings more than 20 years of experience with healthcare providers, IT leadership, and security. Prior to joining Imprivata, Wes was the CTO at Sutter Health, where he was responsible for technical services strategies and operational activities for the 26-hospital system. Wes has been the CIO at Seattle Children’s Hospital and has served as the Chief of Staff for a three-star general in the US Air Force.
Wes holds a B.S. in Business and Management from the University of Maryland and received his MBA from The University of New Mexico.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.