Security has always been important in healthcare, but with the rapid growth of digital technologies in care delivery and the ever-increasing number of connections, it has become even more complex.
When it comes to cybersecurity breaches, healthcare is the most targeted industry, with an average cost of a cybersecurity breach estimated at $10.1M USD. This cost is the highest across industries and has been so for the past twelve years.1
In the last year, ransomware attacks are up more than 123% in healthcare.2 And, we know that 53% of connected medical and other IoT devices in hospitals have a known critical vulnerability.3
A security breach can cost your organization more than just money. Reputation and care delivery reliability are on the line. You need to defend against threats and help safeguard patient data and medical devices with security resilience. This is where a strategy of clinical zero trust can help.
Clinical zero trust is a cybersecurity philosophy that has grown to address the multi-faceted needs of healthcare. Taking the cornerstones of zero trust ideas, this approach expands to encompass healthcare specific constraints including patient privacy concerns, connected and unconnected medical and IoT devices, and the explosion of virtual care delivery models.
In a zero trust environment, no person, device, or resource is considered secure. Networks are treated as perennially under attack and use a series of verifications to grant access to a specific user, at a specific time, to use a specific resource or functionality. This type of authentication has become increasingly necessary with the growth of the cloud and the proliferation of SaaS applications.
More and more, legitimate users are accessing networks outside the traditional secure network and firewalls. This leaves systems vulnerable to attacks from compromised devices, viruses, and malicious actors.
Clinical zero trust is no small undertaking. Medical devices are notoriously reliant on legacy systems that may not be compatible with this type of authentication – not to mention the plethora of medical and IoT devices that are either outdated, unconnected, or unaccounted for in any given facility.
Add that verification can slow down or interrupt patient care and you have a recipe for strong clinician pushback and snail’s pace adoption. However, in an increasingly hostile digital landscape, healthcare leadership needs to move toward this mindset to protect their patients, data and reputations.
So, how should healthcare systems start to approach clinical zero trust? The great thing is, overall, zero trust is both a strategy and architecture. It is a journey– not just a one-size fits all solution. IT leaders can work within their own systems or individual departments to define their own approach; one that will limit susceptibility without hindering virtual or in-person patient care.
The goal is ensuring that all stakeholders understand and participate willingly in their role in securing health IT systems while not impeding care delivery.
To learn more, we encourage you to read our new paper “Cybersecurity threats are top of mind for CIOs and CISOs” where we discuss how to assess your cyber readiness and build a strategy of business and security resilience.