How the healthcare sector is changing with congressional attention
The healthcare sector is no stranger to cyber-attacks. Even before the onset of the Coronavirus pandemic, it was battered and bruised by external threats, due in part to legacy infrastructure and outdated software. But, with COVID-19 and even harrowing geopolitical events, the foundation to launch threat campaigns is always strong, and malicious actors have fertile ground to work with.
Things have not changed, and if anything, have gotten worse. Healthcare networks are under siege not only from stressful, time-consuming conditions, but third-party attacks as well. Naturally, this has inspired serious congressional discussions about resources, bills, and protective laws to assist the healthcare sector.
Regulatory actions and legislative postulating are nothing new to the cybersecurity realm, but only in recent years has it seen significant pushes.
Two lawmakers, Senator Angus King and Representative Mike Gallagher specifically discussed not only the need for better healthcare cybersecurity resources, but identified the external threats mentioned before. Both recognize hospitals are high-value targets, since they often pay ransom to continue critical operations and protect patient data. It’s an important characteristic of cybersecurity discourse, as it identifies key weaknesses and problems absent in discussions about said cybersecurity. As it’s been said, you can’t just throw money at cybersecurity and aim to fix the problems, it’s layered and procedural.
Key Problems in Healthcare Networks
Primarily, the lawmakers identified specific problems and threats.
- Once again, relentless attacks by ransomware and third parties
- Legacy and outdated infrastructure
- Unsafe handling of data when in transfer and storage
- Recognizing the public and healthcare sector are particularly vulnerable
- Unsecured medical devices
Both lawmakers urged meetings and the Biden administration to act quickly and create additional comprehensive legislation for cybersecurity. But even with a meeting and bill and place, what really must be done to counter threats and develop comprehensive security strategies?
Threat Identification
In the healthcare sector, defense need to understand, isolate, and recognize threats before they happen. Doing so requires a mix of cybersecurity training, comprehension, and understanding of threat factors, external and internal.
Updated Old Infrastructure
Legislative action seeks to penalize outdated software, apps, and data handling. Beyond that, however, it’s critical for healthcare networks to shift into modern tech solutions, like versatile cloud options and business friendly operating systems/software.
Following Guidelines
HIPAA is still the cornerstone of protecting and preserving patient data. Even today, though, many look for ways to circumvent it, or, don’t follow HIPAA as they should, which creates numerous attack surfaces and threat problems.
Shoring Up IoT-based Health Devices
Accessible hardware is a growing convenience in the healthcare sector, giving providers the ability to track and coordinate care while monitoring patient vitals. However, these network-based devices are till internet-adjacent, which makes them prime targets for data farm attacks. Keeping these updated and running their latest firmware is an important preventive measure.
The need for increasingly complex and versatile healthcare defense is growing, but it’s a good sign that lawmakers and persons in congress are taking a nuanced, yet firm, approach to cybersecurity assistance.
