Can Healthcare Afford to Ignore Cybersecurity?

The following is a guest article by Dr. Guru Gurushankar, SVP & GM, Healthcare & Life Sciences at ColorTokens

Healthcare’s primary mission is to ensure patient safety and deliver uninterrupted patient care. However, in light of the recent UnitedHealthcare data breach affecting over 190 million patients, it is imperative now more than ever for healthcare organizations to reassess their security strategies.

In 2024 alone, there were 387 documented cyberattacks on hospitals, with 69% of healthcare facilities experiencing care disruptions. A University of Minnesota study even found a 35% increase in mortality rates among admitted patients as a direct consequence of cyberattacks. Additionally, between 2023 and 2024, the U.S. Food and Drug Administration (FDA) reported a total of 68 medical device recalls related to cybersecurity vulnerabilities.

These recalls were initiated to address potential risks such as unauthorized access, data breaches, and disruptions to device functionality that could compromise patient safety. These revelations highlight a security gap in the healthcare industry that IT leaders at healthcare organizations need to urgently address. Exhaustive cybersecurity measures are no longer merely a “nice-to-have,” but a “must-have” feature that ensures patient safety and uninterrupted and continued operations of a hospital system.

Previously, the finance sector had been a primary focus for bad actors for quick and direct monetary gain. Now, the attention of hackers has turned towards the Healthcare industry. The reasons are:

  • Healthcare facilities cannot ‘take a break’: they cannot go offline to recover from a breach and return after a small window
  • They involve critical patient care that must continue without interruption
  • They hold personal health information (PHI), which no one wants exfiltrated

Healthcare has been lagging behind the financial sector when it comes to cybersecurity regulations and investments, making it a prime target for cybercriminals. Last year, the average cost of a healthcare data breach reached nearly $10 million, significantly higher than a data breach in the finance sector, which was $6.1 million on average. With hospitals already facing financial constraints and profitability pressures post-COVID-19 pandemic, the impact of costly cyberattacks is only exacerbating these challenges. Healthcare professionals should be able to focus on delivering uninterrupted patient care without the added burden of cybersecurity threats.

Government Initiatives to Enhance Cybersecurity

The government has taken notice and initiated more robust security measures within healthcare facilities. Specifically, the Department of Health and Human Services (HHS) recently proposed updates to the HIPAA Security Rule requiring specific security upgrades, including regular compliance audits, risk analyses, and implementing network segmentation, among others, to better protect patient data. 

In 2023, the FDA also introduced a new regulation to enhance the cybersecurity of medical devices. This mandates that medical devices are designed, developed, and maintained with specific cybersecurity measures to protect against potential cyberattacks. Although this improves the development and security of medical devices going forward, it does not apply to legacy devices within hospitals. These initiatives mark significant steps towards fortifying the healthcare sector against cyber threats, ensuring better protection for patient data and medical infrastructure.

How to Be “Breach Ready”

Nearly every organization has taken steps to stop breaches. All 387+ healthcare organizations breached in 2024 had invested hundreds of millions of dollars in their cybersecurity. Despite this, how and why did they still get breached?

The perimeter-based approaches (firewalls, EDRs, NACs, etc.) are all deployed to ensure that only the right individuals with the right authorization gain access (north-south traffic). But once access is gained (unauthorized access using authorized credentials), the attacker can move freely within the network (east-west traffic).

As of 2023, insider threats were responsible for approximately 31% of all data breaches, indicating that nearly one-third of breaches originated from authorized credentials of individuals within organizations, such as employees, contractors, or business associates. Further, 55% of insider-related incidents stemmed from employee negligence, including actions like mishandling sensitive data or falling victim to phishing attacks – attacks that the strongest of the perimeter protections would not be able to stop.

This highlights a critical piece that is missing today in most organizations. While several state-of-the-art tools are in place to monitor and permit north-south traffic, little or nothing is in place to restrict east-west traffic (i.e., lateral movement). Investments have been made to prevent breaches. They need to be augmented with investments to contain breaches, i.e., to prevent lateral movement via microsegmentation. Traditional perimeter protection stops breaches; microsegmentation contains them.

This combination of stopping and containing breaches results in breach-readiness, where only authorized east-west network traffic is permitted and all other traffic is denied by default, a true Zero Trust state. Combining EDR solutions with microsegmentation solutions is an easy and elegant way to achieve Zero Trust. Such solutions let organizations compound the returns on their EDR investments by natively integrating microsegmentation, resulting in full breach-readiness.

Organizations must assume that their networks will eventually be breached and shift their focus from breach-prevention to breach-readiness, i.e., continued operations and establishing business continuity even in the face of a breach. Only through this mindset of breach-readiness will CIO/CISO/CFO/CEO get their peace of mind and ensure that hospitals deliver uninterrupted patient care.

Healthcare security presents a unique challenge for IT and business leaders, as providers must secure EHR systems, medical devices, and other vital technologies from both external and internal threats. For example, Epic systems, widely used for managing electronic health records (EHRs) and patient data, are prime targets for cyberattacks.

To protect Epic systems and their various modules housing patient data, healthcare organizations must reduce the impact of an attack and prevent lateral movement of malware within their network. This can include segmenting the data servers hosting Epic modules and application servers, Caché databases, workloads, and ancillary systems into smaller protected groups/segments organized systematically by role, function, location, and other attributes. This builds a Zero Trust network that inherently has breach-readiness.

Beyond core applications, medical devices, IoMT devices, shared workstations, and legacy Windows systems must be safeguarded without disruption to daily workflows and patient care. Gone are the days when OT microsegmentation was unheard of. Today, OT microsegmentation can be achieved through a gatekeeper and an agentless deployment of granular, policy-driven controls for these critical assets, irrespective of their vintage. This prevents bad actors from proliferating malware beyond their initial entry point, while still permitting the medical devices to talk to their OEM vendors for patches, software updates, security updates, etc.
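The segmentation model described in the two paragraphs above (assets tagged by role and location, an explicit allow-list of east-west flows, everything else denied) can be sketched as a small policy check. This is an added illustration, not ColorTokens' product or code; asset names, roles, and the rule set are constructed, and the Caché superserver port 1972 is assumed.

```python
"""Tag-based microsegmentation policy check (illustrative, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    role: str       # function/role tag, e.g. "ehr-app", "ehr-db", "infusion-pump"
    location: str   # location tag, e.g. "datacenter", "ward-3", "vendor-cloud"


@dataclass(frozen=True)
class Rule:
    src_role: str
    dst_role: str
    port: int
    proto: str = "tcp"


# Constructed inventory: Epic app tier, its Caché DB, a ward workstation,
# a medical device, and the device vendor's update service.
ASSETS = {
    "epic-app-01":   Asset("epic-app-01", "ehr-app", "datacenter"),
    "epic-cache-01": Asset("epic-cache-01", "ehr-db", "datacenter"),
    "ward3-ws-07":   Asset("ward3-ws-07", "workstation", "ward-3"),
    "pump-3a":       Asset("pump-3a", "infusion-pump", "ward-3"),
    "oem-update":    Asset("oem-update", "oem-update-service", "vendor-cloud"),
}

# Allow-list of authorized east-west flows. Anything not listed is denied.
RULES = [
    Rule("ehr-app", "ehr-db", 1972),                    # app tier -> Caché (assumed port)
    Rule("workstation", "ehr-app", 443),                # clinicians reach EHR via app tier only
    Rule("infusion-pump", "oem-update-service", 443),   # device patching path stays open
]


def is_allowed(src: str, dst: str, port: int, proto: str = "tcp") -> bool:
    """Default deny: a flow is permitted only when an explicit rule matches."""
    s, d = ASSETS[src], ASSETS[dst]
    return any(r.src_role == s.role and r.dst_role == d.role
               and r.port == port and r.proto == proto for r in RULES)


def evaluate_flows(flows):
    """Map each observed (src, dst, port) flow to ALLOW or DENY; DENY verdicts
    on internal assets are the lateral-movement events worth alerting on."""
    return {(s, d, p): ("ALLOW" if is_allowed(s, d, p) else "DENY")
            for s, d, p in flows}
```

Note that a workstation reaching the database directly, or a pump reaching the EHR app tier, is denied even though both endpoints sit inside the perimeter; that is the east-west control the article argues for.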

Network Breach-Readiness Delivers Hospital Operational Resiliency

By granularly implementing Zero Trust policies and network microsegmentation, healthcare organizations can elevate their security posture and simultaneously comply with, and document compliance with, the new HIPAA regulations. Even in the absence of regulations, such a breach-readiness approach keeps healthcare facilities running smoothly and delivering uninterrupted clinical care. Preventing and containing hospital cyber breaches, which result in clinical care disruptions, business disruptions, financial losses, and reputational damage, is a necessity that healthcare organizations can no longer afford to ignore.

In conclusion, healthcare cannot afford to ignore cybersecurity. With the increased availability of innovative microsegmentation solutions, alone or combined with EDR solutions, healthcare customers have good options in front of them. With attacks on healthcare increasing, the time to act is now.

About Guru Gurushankar

Dr. Guru Gurushankar is a global healthcare and life sciences leader with 30 years of experience in the healthcare industry. He currently serves at ColorTokens, where he focuses on leveraging his extensive healthcare knowledge to support the company in serving industry verticals, particularly focusing on healthcare and life sciences customers worldwide. Previously, he led Corporate Development at Royal Philips, overseeing strategy, M&A, and partnerships. He also headed AWS Healthcare’s medical device practice and served as VP & GM at Cardinal Health. Earlier, he held key roles at Johnson & Johnson and GE Healthcare. Dr. Gurushankar holds a PhD from Michigan and an MBA from Wharton.
