
A new study shows that connected medical and IoT devices have created an expanded attack surface, resulting in new attack vectors that cybercriminals exploit to gain unauthorized access to critical patient care systems and protected healthcare information (PHI).
The report from Elisity finds 60 percent of respondents flagged an inability to protect unpatchable or agentless devices as a critical or significant limitation. Poor visibility into device inventory ranked second at 30 percent.
In addition, nearly half of respondents report that their cyber insurance carriers demanded specific controls during renewal in the past two years, accelerating timelines across the board.
“For two decades, healthcare did nothing about segmentation because legacy approaches demanded disruptions organizations couldn’t afford,” says James Winebrenner, CEO of Elisity. “Modern microsegmentation breaks that cycle: deploy in weeks on existing switches, cover every device, manage policies simply, zero downtime. A more modern approach is needed so that the industry can seamlessly secure their complex environments, prevent lateral movement attacks, and maintain patient care continuity while achieving HIPAA compliance and HHS 405(d) best practices.”
One of the report’s most critical findings is the gap in healthcare organizations’ ability to protect unpatchable or agentless devices. 62 percent of respondents rated their inability to protect these devices as a critical or significant limitation, the highest of any category surveyed. Poor visibility of devices and asset inventory follows at 56 percent, then policy-management overhead (54 percent) and lack of continuous monitoring for lateral movement and segmentation failures (52 percent).
Concerns about workflow disruption are the primary reason healthcare organizations do not deploy microsegmentation. In fact, 40 percent report these concerns as a barrier to implementation in their environments.
You can read more and get the full report on the Elisity blog.
