
A new approach to healthcare cybersecurity

By Ben Denkers
June 9, 2022

In recent years, digital transformation has conspicuously changed numerous industries, reshaping everything from retailing to manufacturing — including healthcare. Like many other industries, the healthcare sector was compelled to rapidly adopt a combination of remote and distributed work, supported behind the scenes by an array of digital healthcare technologies.

While these technologies created new benefits and efficiencies, they also expanded the healthcare sector's attack surfaces, offering threat actors opportunities to breach important digital infrastructure. Cybercriminals have exploited these opportunities to devastating effect, ransoming hospitals and entire healthcare systems by shutting down critical functions, including medical records and billing.

Historically, many industries largely relied on government regulations to protect against security threats. While compliance does not equate to security, adhering to an official checklist of mandates gave many an acceptable (perhaps perceived) baseline level of protection. Yet the speed and sophistication of today's threat actors have made clear that the public sector too often falls far behind the pace of change. To protect themselves against current and future cybersecurity threats, organizations must become individually responsible for testing and validating their cybersecurity programs, adopting proactive rather than reactive security postures.

Healthcare's changing threats

Today's healthcare sector faces several particularly concerning cybersecurity challenges, including noteworthy increases in the volume, sophistication and variation of attack methods that have made their way into the wild. In addition to ransomware attacks for monetary gain, the industry has seen attacks designed purely for disruption and others focused on compromising user data, with the quantity and complexity of new threats exacerbating already challenging security gaps.

Cybercriminals have recently leveraged indirect supply chain attacks to disrupt companies well beyond their initial targets. Late last year, a ransomware attack on HR and payroll vendor Ultimate Kronos Group (UKG) led to widespread payroll issues at several health systems, adding one more stressor for employees already impacted by the COVID-19 pandemic — and spurring employee lawsuits this year against UKG's customers.

Patient data is still valuable, but it's no longer the holy grail for healthcare sector threat actors. Instead, cybercriminals are increasingly adopting wartime strategies, engaging in multi-pronged attacks that apply indirect pressure on critical infrastructure while causing compounding disruptions across the entire healthcare value chain. Major healthcare systems will be targeted along with similarly essential services ranging from water to energy and other utilities. These threats could easily go beyond crippling our healthcare system and putting patients at risk, more broadly imperiling the surrounding economy and infrastructure.

Uneven regulatory guidelines

In the era when cybersecurity threats weren't frequently hitting infrastructure, they could be addressed on a reactive basis — organizations could comfortably lean on federal legislation and industry-specific regulations to gauge whether they were adequately protected against likely digital threats.

Today, that's not the case. Consider the increasingly important area of individual digital privacy protections, where the regulatory landscape is chaotic — marked by state-by-state legislative variations and narrow regulations. Conformance is at best extremely challenging, if not unpredictable and fluid. So despite user demand and legislative need for clear privacy safeguards, 2022 will bring us no closer than we were before to a unified federal standard.

Absent that, organizations must proactively take responsibility for adopting safeguards and other measures to better protect themselves and, where appropriate, users. One viable option is to implement policies that extend beyond the minimal baselines established by federal regulations and the least aggressive state regulations, matching or exceeding the standards of the most aggressive regulations.

Regain your footing

Standing still is not an option given the current healthcare cybersecurity landscape — in times of change, stagnant security and privacy programs are falling behind. Modern security requires constant vigilance from both organizations and their cybersecurity partners, ensuring readiness for inevitable future cyberattacks. Leaders must shift from reactive to proactive mindsets, test and validate their systems, and be prepared for attacks on a "when," not "if" basis.

The following four foundational steps will help healthcare organizations get on the right path toward a safe and secure future:

  1. Initial threat intelligence: Organizations must begin by adopting processes and technologies that illuminate both the dynamic threat landscape and the tactics threat actors are employing.
  2. Baseline modern security: After assessing their risks, organizations should adopt modern security measures, including multi-factor authentication and privileged access management, to create a threshold level of security. 
  3. Training and planning: From the ground floor up to the C-suite, the simple act of training staff will ensure every employee understands the risk and gravity of modern cybersecurity threats. Response plans should be drawn up before potential breaches, and key players must know who needs to be contacted immediately, including law enforcement and local, state or federal agencies.
  4. Testing: Healthcare systems use unique application programming interfaces (APIs) to exchange records and data. APIs should be thoroughly tested before they are trusted in healthcare systems, enabling communication while preserving internal security measures.

Threat actors never rest in today's world — cybersecurity threats are growing more challenging every day. Dollars spent responding, reacting and recovering are simply not being used wisely or productively.

As times have changed, healthcare systems must change with them — that means doing more than annual risk assessments and occasional tests. Going forward, organizations and their technology partners must take responsibility for deploying robust, thoughtful technologies and procedures, as well as regular testing and validation of systems. These measures are the best ways to meet modern cybersecurity demands, while properly preparing organizations for whatever's to come.


Ben Denkers is Chief Innovation Officer at CynergisTek.
