The impact of the COVID-19 pandemic on healthcare providers can’t be overstated. Added to the stresses of overwhelming patient numbers, threat actors have stepped up the volume and sophistication of cyberattacks on the sector. This has shifted the cyber threat landscape.
Why? Because they’ve found increasing vulnerabilities. The shift to working from home and a hybrid workforce has increased healthcare networks’ attack surface. And as organizations have adapted their systems and processes to meet needs during the pandemic, increasing compliance risks have come into play.
In March 2022, Morphisec CTO Michael Gorelik spoke on an expert panel at the Cyber Security Healthcare & Pharma Summit discussing these issues.
Once an attacker is inside a network, they typically have plenty of time to wander around and decide what they want. Based on Morphisec’s recent incident response engagements, attackers are inside an organization’s network for four to six months on average.
The payoffs for these advanced attacks are large. The ransomware business model has become very lucrative as threat actors continue to find ways to bypass existing security controls. Ransomware attacks now happen every 10 seconds, with successful attacks costing an average of over $4 million. That’s made up of $2 million in the actual ransom paid, and another $2 million in remediation costs. (Plus brand damage, which—while harder to quantify—is severe.) Exacerbating the issue, half of successfully attacked healthcare companies have paid the ransom.
Given the advanced nature of these attacks, healthcare organizations need innovative solutions that help reduce their attack surface and make it harder for attackers to breach their networks. So where do you start? Healthcare needs a defense-in-depth approach. The detection and visibility offered by antivirus and endpoint detection and response solutions are not enough. Healthcare organizations must focus their attention on minimizing response time, shrinking their attack surface, and preventing attacks, rather than just responding to them. For more, watch the five-minute video: Evolving Cyber risks in a Covid-19 World.
