As cybercrime continues to plague the healthcare industry, a model that focuses on identifying and blocking each step of a cyberattack could help providers stay one step ahead of the hackers.
The need for effective cybersecurity protocols in health systems is more pressing than ever. In the first six months of 2021, data breaches jumped by 27% to 343 compared with the same period last year, according to a recent report. Many providers have already been the victim of a ransomware attack this year, including large and well-resourced ones like Trinity Health and UPMC.
The answer to healthcare’s cybersecurity woes may lie in models adopted from other industries, like the “cyber kill chain” model, said Steve Winterfeld, the advisory chief information security officer at Akamai Technologies, a cybersecurity firm.
The model was developed by defense contractor Lockheed Martin as a military operations framework. Using the model, the military can outline all the steps of a potential attack and then figure out ways to stop it at each step. The same model can be used to detail the steps involved in a healthcare ransomware attack, enabling organizations to defend themselves at each point, Winterfeld said in a phone interview.
“The reason we call it a kill chain is you can stop [the hackers] when they are conducting reconnaissance, you can stop them on the attack, you stop them when they are establishing command and control [over your systems],” he said. “That old saying that the defender has to get it right every time and the attacker has to get it right only once isn’t true if you use this system. [The attackers] now have to get it right a number of times to be successful.”
Once they have outlined the steps of a cyberattack, health systems can consider implementing a combination of defense strategies. For example, they can eliminate system vulnerabilities through patching, curb malicious attachments sent via email through filtering and prevent access to infected websites through a secure web gateway, Winterfeld said.
The model helps health systems adopt a programmatic, rather than a reactive, stance to cybersecurity.
“It gives you a way to look from the start to the end of what could happen to you and evaluate [your response] at each phase,” Winterfeld said. “Rather than a point solution, you are asking yourself [how to ensure] prevention-detection-response throughout the lifecycle of an attack.”
But, while the “cyber kill chain” model can help health systems figure out what needs to be done, that doesn’t mean the health systems necessarily have the wherewithal to do so. Implementing this model needs significant financial and human resources, said Mike Kijewski, CEO of cybersecurity company MedCrypt, in an email.
These requirements come at a time when most hospitals are facing a severe cash crunch, made worse by Covid-19.
“J.P. Morgan reported that they spend $660 million a year on cybersecurity, or about 0.5% of their total revenue,” Kijewski added. “Hospitals need to be able to spend the same percentage of their budget on cybersecurity, but few have the resources available to do it.”
Yet strained resources notwithstanding, hospitals face a choice: Refrain from adding technology that is expensive but helps to prevent an attack or risk the expense and reputational damage of experiencing one.
And as cybercrime worsens, models like “cyber kill chain” may help them put up an effective defense against the various bad actors looking to infiltrate their systems.