As you know from our other posts, and from the video we created for the United Nation’s General Assembly this past September, we talked about how the loss of critical services for hospitals and infrastructure providers can be life-and-death – literally.
For several years the MUSH sector (that’s municipalities, universities, schools and health are) has been the primary target, with healthcare having the dubious honour of filling the number one spot three out of the past five years. Indeed, 30% of all large data breaches in this time period occurred in hospitals, and there has been a 58% increase in healthcare industry attacks since 2020.
In Canada, the world-famous SickKids Hospital had to go into code grey for two weeks starting on December 18, 2022, because of a ransomware attack. Luckily, not all procedures were cancelled, and no health records were compromised, but the impact to the children and their families was huge – especially over the holiday,
Not long before that, on September 22, 2022, Optus, which is an Australian telecom company experienced a data breach that gave cyber criminals access to the medical and personal data of 11 million people. These hackers got names, birth dates, phone numbers, home and email addresses, driver’s licence and passport numbers, along with the Medicare ID.
It’s not surprising really when you think about it, after all next to getting credentials from high net worth individuals, who have the resources to squash fraudulent activity pretty quickly, the most valuable IDs when creating new identities come from dead people and youngsters. Where better to get this information, but hospitals and, to a certain extent, schools.
It is also not surprising that healthcare would, as a result, be a focus for major technology solutions providers. Both Cisco and Extreme Networks a two of our partners with programs developed specifically for the healthcare industry.
Here is what Extreme Networks has to say, in the November 6, 2023 blog post written by Kate Chappell:
When it comes to cybersecurity and protecting your company from bad actors, the stakes are astronomical. But in the healthcare industry, it is a matter of life and death. If the network falters as a result of a cyberattack, lives are at risk if equipment is taken offline, vital patient information is lost or patient instructions are jumbled. That is why it is essential to have a strong network fortified by multiple layers that can thwart the many kinds of attacks that are possible.
Extreme’s network can boost IT agility and productivity, reimagine security with internet network features and simplify network operations. This will reduce risks and costs associated with acquiring custom solutions and paying increased insurance costs. Not to mention protecting patient data and reducing the potential risk of the failure of medical devices.
Extreme’s experts approach cybersecurity with the view that the network is a strategic asset that must be protected by many layers of security.
“When you look at the impact of cyberattacks on the healthcare industry, it really does come down to a life and death situation, as well as quality of care,” says Bill Lundgren, Director, Product Management for Cloud Operations and Architecture. “There have been recent attacks that have taken hospitals completely offline, so they’re having to do everything back in the old manual chart days, which can lead to patient care issues, even death if something’s not taken care of or charted correctly,” Lundgren says. “Not to mention, if you look at the loss of personal data, the PHI (protected health care information) is something that is even more important to protect be based on government regulation.”
The impact of the loss of personal information, beyond the physical aspect, can add to the damage. “Not only are they sick, but now potentially their ID’s been stolen,” Lundgren says.
The potential cost of a cyberattack can be catastrophic.
Most coveted amongst healthcare data is highly sensitive patient and PHI data, which are gated by federal and state regulations, rendering the “prize” for criminals that much more valuable.
Extreme’s Equipment
Extreme’s Fabric Connect can segment and protect the network with a stealth design that blocks lateral movement and prevents network breaches.
Cloud IQ delivers full-stack management of access points, switches and SD-WAN, using ML technologies to analyze millions of network and data user points, streamlining operations. It also carries numerous ISO and CSA STAR certifications making it among the most security compliant applications in the industry. And Extreme can harness the Wi-Fi 6 spectrum for emerging needs.
In recent research conducted by Extreme Networks for HIMSS, 59% of respondents ranked cybersecurity challenges in their top three organizational challenges. In fact, the healthcare industry ranks only behind education and research and government as the most attacked globally. And the footprint of the healthcare network is substantial, with respondents to the survey indicating that they are running an average of 25 mission critical applications at one time.
Further research shows that 82% of healthcare workers say they have been a victim of a cyberattack, while the industry lost $21 billion last year alone.
In one sense, says Phil Swain, CISO and Senior Director of Information Security at Extreme Networks, the healthcare industry is like any other, but in another way, it is a whole other beast due to the extent of personal patient data involved.
“You have Social Security numbers and details, but you also have patient records that contain very sensitive data. So you have to secure and control those, but by the same token, they also need to be visible to all of the clinical staff to help to provide medical treatments and support the additional operational issues,” Swain says. Another issue is the heavy use of healthcare equipment on the network.
“Think heart monitors, x-rays, cat scans, equipment that will have embedded IT in them but can’t necessarily be upgraded as a patch comes out in the same way you can upgrade just your PC. Those are calibrated and built a certain way and cannot be calibrated at a moment’s notice.”
Network as Strategic Asset
Extreme’s network solutions and equipment enable operational efficiency and agility, and they can harness the Wi-Fi 6 spectrum for emerging needs and devices. Data-driven decision-making will also boost clinical productivity and facilitate proactive issue-handling, as well as allowing for the evaluation of the impact of new applications and devices.
Taking these solutions and products into account, it is also necessary to approach your network as a strategic asset and not just technological equipment. It must also be an asset that acknowledges the danger to patients. “I think security and resiliency are likely of equal concerns. Security will bring higher penalties but shutting down the infrastructure of a facility also can have life threatening consequences,” says John Abel, CIO of Extreme Networks.
State and local government also have unique challenges in addressing cybersecurity concerns, and Extreme Networks has solutions.
Extreme’s technology can address clinical and IT staffing shortages, provide multiple layers of protection to strengthen cybersecurity, and overall, it enhances the experience for everyone. Extreme can help healthcare unlock infinite possibilities, settle technical debts, and deliver transformative results for clinicians, patients, and families alike.
.webp)