Why healthcare in the cloud must move to zero trust cybersecurity

Healthcare providers must look beyond the cloud and adopt zero-trust security to succeed in fighting back against the onslaught of breaches their industry is experiencing.

Attackers often prey on gaps in network servers, incorrectly configured cloud configurations, unprotected endpoints, and weak to non-existent identity management and privileged access security. Stealing medical records, identities and privileged access credentials is a high priority for healthcare cyberattackers. On average, it takes a healthcare provider $10.1 million to recover from an attack. A quarter of healthcare providers say a ransomware attack has forced them to stop operations completely.

Forrester’s recent report, The State of Cloud in Healthcare, 2023, provides an insightful look at how healthcare providers are fast-tracking their cloud adoption with the hope of getting cybersecurity under control. Eighty-eight percent of global healthcare decision-makers have adopted public cloud platforms, and 59% are adopting Kubernetes to ensure higher availability for their core enterprise systems. On average, healthcare providers spend $9.5 million annually across all public cloud platforms they’ve integrated into their tech stacks. It’s proving effective — to a point.

What’s needed is for healthcare providers to double down on zero trust, first going all-in on identity access management (IAM) and endpoint security. The most insightful part of the Forrester report is the evidence it provides that continuing developments from Amazon Web Services, Google Cloud Platform, Microsoft Azure and IBM Cloud are hitting the mark with healthcare providers. Their combined efforts to prove cloud platforms are more secure than legacy network servers are resonating.

That’s excellent news for the industry, as the latest data from the U.S. Department of Health and Human Services (HHS) Breach Portal shows that in the last 18 months alone, 458 healthcare providers have been breached through network servers, exposing over 69 million patient identities.

The HHS portal shows that this digital pandemic has compromised 39.9 million patient identities in the first six months of 2023, harvested from 298 breaches. Of those, 229 resulted from successful hacking, 61 from unauthorized access/disclosure, and the remainder from theft of medical records. Business email compromise (BEC) and pretexting are responsible for 54 breaches since January, compromising 838,241 patients’ identities.

Considered best-sellers on the Dark Web, patient medical records provide a wealth of data for attackers. Cybercrime gangs and globally organized advanced persistent threat (APT) groups steal, sell and use patient identities to create synthetic fraudulent identities. Attackers are getting up to $1,000 per record depending on how detailed the identity and medical data are.

Lessons from the 2023 Telesign Trust Index, which showed the increasing fragility of digital trust, must also be applied to healthcare…

Read full article: VentureBeat

By Louis Columbus

Source