Healthcare leaders unite to tackle cybercrime

Healthcare leaders have come together in a new advisory council to help combat the growing security challenges facing the sector.

US-based Cylera, the producers of a medical device cybersecurity platform, has formed The Cylera Cybersecurity Advisory Council which, it claims, is comprised of CISOs, CIOs and CTOs from major healthcare providers and hospitals as well as private sector companies.

According to Cylera, the council will meet at least four times a year to share best practice, insight, and to address and tackle the myriad of security challenges, particularly within interconnected healthcare systems.

One council member, Brian Tschinkel, CISO at Weill Cornell Medicine, an academic health system in New York, said that cyber threats to the sector are “among the most sophisticated and targeted across any industry”.

“Healthcare networks are incredibly complex with interconnected medical and IoT devices that caregivers rely on to deliver the highest level of care to their patients. It is mission critical for hospitals to have visibility of their attack surface and therefore visibility into all connected assets to help secure their organisations.”

According to IBM, the average cost of a data breach in the global healthcare sector amounted to $10 million last year. Over 80% of UK healthcare organisations experienced a ransomware attack and two-thirds had to cancel patient in-person appointments as a result.

The sector is particularly vulnerable to ransomware gangs and last October three US government bodies issued a joint warning about a ransomware gang known as the Daixin Team that was specifically targeting the US healthcare firms.

The potential cybersecurity risk to the sector is anticipated to get worse as digitalisation increases with spend on tech such as IoT in the sector predicted to reach $54 billion by 2029, according to Cylera CEO Timur Ozekcin.

Ozekcin said: “Remote user access, unsegmented and potentially unmanaged networks, legacy operating systems and limited visibility into IoT device risks are just some of the security challenges keeping healthcare leaders and heads of hospital IT awake at night as they try to navigate the complexities of today’s interconnected device landscape.”