Cyberattacks aimed at the healthcare industry are occurring more frequently, and they are becoming more sophisticated and harmful. There are many reasons for this, of course. But leading the pack are the sophistication of the attacker (and the attack) and the arrival of AI. There are also reasons that are exclusive to the healthcare sector, including the increasing use of telemedicine, remote work or ongoing hybrid environments, and the growing use of connected medical devices, including ECG monitors.
The transformative impact that new technologies and healthcare services have on patient care is not in dispute. Unfortunately, these innovations have also expanded the attack surface for cybercriminals and, in doing so, exposed critical vulnerabilities in healthcare infrastructure and the systems that facilities trust.
The Department of Health and Human Services' Office for Civil Rights reports that there were 677 major health data breaches in 2024, which impacted more than 182 million people. While the total number of breaches decreased in 2024, the volume of compromised records rose to 276 million. That is more than double the number in 2023, and it includes what is to date the largest health data breach on record: the ransomware attack against Change Healthcare that affected 190 million people.
The overall risk is driven by healthcare organizations that, in many cases, continue to depend on reactive and outdated security practices that cannot keep up with constantly evolving threat actors. It is clear that a new approach to healthcare security is needed, one in which the emphasis shifts to proactive prevention, not response. The latter is a losing diagnosis.
New threats demand a new mindset
While threats to healthcare come in many varieties, ransomware continues to reign, as demonstrated by the Change Healthcare breach. Another recent example is the Ascension breach, which was attributed to the Black Basta ransomware group. The attack successfully paralyzed systems in more than 140 hospitals, delaying surgeries and disrupting emergency services.
One of the industry's biggest Achilles' heels is outdated technology. Many healthcare organizations still depend on legacy operating systems and continue to use unsupported versions of Windows to run critical applications and medical devices. Since these systems are no longer supported, they cannot easily be patched or updated, something attackers are well aware of and seize on as an opportunity to exploit these vulnerabilities, often undetected.
Another risk is the multitude of devices that connect to a facility's network. These devices are transforming patient care. However, they also introduce new vulnerabilities. In 2024, Censys Research discovered more than 5,100 publicly exposed imaging servers, which put the confidential data they contain at serious risk.
The good news
Threats can be prevented if healthcare organizations are willing to shift from reactive security approaches to preventive measures. Like preventive care in medicine (where doctors can detect possible illnesses and diseases in their early stages), healthcare facilities can improve their security posture through proactive strategy and preventive measures.
Preventive or proactive cybersecurity identifies and eliminates vulnerabilities before they are exploited. Strengthening endpoint protection (which includes workstations, laptops and connected medical devices) must be a priority. All endpoints must be secured with technology capable of detecting ransomware and blocking fileless malware, two of today's most prevalent and highly harmful attack techniques.
Next, consider modern memory protection technologies, which can prevent attacks from executing in the first place. This includes stopping zero-day exploits and advanced persistent threat (APT) attacks before they can inflict damage. With the right solutions, healthcare organizations can stop these attacks before damage is done or before sensitive patient files are compromised. And they can do it while integrating with the organization's legacy systems.
Now, let's turn to securing connected devices, especially any that are running outdated software. One option is to segment networks, which can help contain possible breaches. Memory-level runtime protection can help keep devices safe even when patches are not available. When it comes to adding new devices to your network, look for manufacturers that offer timely firmware updates, use virtual patching and implement hardening measures. These are critical to helping close any gaps that attacks can expose.
Finally, legacy systems continue to present a risk, and for most organizations, replacing these systems is simply not an option. In these cases, organizations can isolate critical infrastructure systems and then establish defenses that can protect them.
The zero trust motto "never trust, always verify" is particularly relevant in healthcare environments, where continuous user, device and connection verification is critical. Organizations can begin by applying strict access controls and multifactor authentication. Next, implement continuous behavior monitoring and the principle of least privilege, where people are given access only to the data and systems they absolutely need and nothing else.
At this point, it is important to note that even after taking some of the steps shared in this article, organizations will never be safe without addressing the elephant in every room: human error.
According to the Verizon 2024 Data Breach Investigations Report (DBIR), non-malicious human error accounted for 68% of healthcare data breaches. To mitigate the risk, consider running regular simulations and workshops that teach staff how to recognize phishing, resist social engineering and respond to emerging threats. Training must be in place, specifically tailored to your organization's environment and focused on real-world scenarios. Some examples include fake technical support calls or AI-generated emails that purport to be part of an organization's internal communications.
Unfortunately, even with the best technologies and a team that is fully trained on the latest threats, incidents are inevitable. When they occur, a comprehensive disaster recovery plan is essential to help recover quickly. That includes immutable backups that ransomware cannot tamper with, regular testing of recovery processes and a focus on the best path to quickly restore operations while minimizing the impact on patients.
Finally, dedicated anti-ransomware protection offers a critical last line of defense. These tools address each stage of an attack. This includes proactively identifying vulnerabilities and preventing attacks from exploiting them, as well as getting operations back up and recovering after the incident. Teams can also launch forensic investigations into what happened, why it happened and how it can be prevented in the future. When layered with other strategies, these tools create a security posture capable of withstanding the complex threats that healthcare faces today.
Organizations must be prepared to combat increasingly sophisticated cyberattacks. Adaptive, proactive and preventive strategies can help your organization protect patient data, keep your systems online and, ultimately, allow your staff to concentrate on what they do best: taking care of patients.
Photo: traffic_analyzer, Getty Images

Brad Laporte, Marketing Director of Morphisec, is an experienced cybersecurity expert and former military officer specialized in cybersecurity and military intelligence for the U.S. military and allied forces. With a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response, and the foundation of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the launch of the Secureworks MDR service and the EDR product Red Cloak, both industry firsts. At IBM, he headed the creation of the endpoint security portfolio, as well as MDR, vulnerability management, threat intelligence and SIEM offerings, further solidifying his reputation as a visionary in security solutions.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers.