Fortinet offers best practices for Malaysia’s healthcare sector to fortify cyber security as average cost of a cyber-attack in APAC hits US$23.3 million
Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, urges Malaysia’s healthcare providers to beef up cyber defence as cybercriminals are targeting the sector now more than ever.
The demand for healthcare in the Asia-Pacific (APAC) region is growing rapidly driving healthcare organisations to focus on digitisation and innovation. Faster and better networks have also allowed for the growth of telemedicine. The global telemedicine market is expected to grow at a rate of 16.9% annually to reach US$ 55.61 billion by 2025 from an estimated US$ 25.49 billion in 2020.
The move to increased telemedicine healthcare delivery techniques especially has raised the risk of a breach of sensitive patient data significantly. According to a 2019 Microsoft-commissioned study by Frost & Sullivan, cyber-attacks could cost healthcare organisations in the APAC region an average of US$ 23.3 million.
“While digital transformation has undoubtedly benefited the healthcare sector, it has also made it a prime target for cyber criminals looking to steal valuable patient data or hold online resources for ransom. As a result, cybersecurity has become an urgent need to the success of health systems, which are increasingly at risk. The vulnerabilities that enable these attacks exist in any vertical, but in the case of healthcare, they can be life-threatening,” said Alex Loh, Country Manager for Fortinet Malaysia.
There are several critical areas that every healthcare IT and security teams should focus on while improving their security practices. Fortinet suggests taking the following key steps:
Prioritize Telemedicine Security
Online tools and medical IoT devices for monitoring patient’s health are now ubiquitous that they are even used in surgeries. Patient portals give people more control over their healthcare and better access to critical information. However, medical digital transformation cannot exist without ensuring that data and connections are kept safe from cyber criminals.
For healthcare IT teams, they must establish visibility into the extended network architecture, data, and operating systems, as well as the Internet of Medical Things (IoMT) devices on the network.
Two of the most important tools for achieving this level of visibility are network access control (NAC) and cyber threat assessment programs (CTAPs).
Network Access Control (NAC)
NAC solutions enable secure authentication and onboarding, the monitoring of connected devices, and the issuing of an automated response when a malicious behaviour is detected. These solutions can also manage and enforce access policies across networks to ensure data protection.
Cyber Threat Assessment Programs (CTAPs)
CTAPs helps to identify network vulnerabilities. Information acquired during an assessment can be leveraged to build and validate current architectures that directly address any sort of vulnerability. This visibility can also enable security teams to bolster their telehealth initiatives and effectively allocate resources as needed.
Defend Against Insider Threats
Cyber threats do not always come from outside the organization. Insider threats, whether by malicious insiders, negligent users, or careless users, can be even more dangerous than external threats. However, user training and network segmentation can act as an important start to overcome these issues. But protecting against insider threats also requires full visibility into the network, as well as a robust set of benchmarks against which to compare threat data.
Defend the Internet of Medical Things (IoMT)
Connected medical devices are a fundamental component of coordinated healthcare. Many patients rely on them to maintain their health, even when they cannot visit the doctor. Unfortunately, these IoMT devices are innately insecure and vulnerable to the same types of attacks that impact other technologies, thus putting patients’ health and lives at risk.
Upon gaining access to a healthcare network, whether through a misconfigured or unsecured device, or vulnerable cloud data service or health system application, cybercriminals often have access to all devices connected to that network.
Alex Loh reminded healthcare industries in Malaysia that they cannot afford to be careless during digital transformation. Cyber security should remain the primary concern because patients who rely upon the health system for critical healthcare services, whether in person or remotely, are put at risk every time they make use of telemedicine offerings, use IoMT devices, or access data via an unsecured connection.
“The solution for healthcare security is multi-pronged. It requires cross-network visibility, prioritized threat management, real-time threat assessment, and a strategy for remediation should an event occur. The key to this approach is to plan ahead, and to leverage threat analysis to secure against both internal and external threats to the healthcare facility,” concluded Loh.