Cybersecurity in 2022: password-less authentication, zero trust, blockchain and more

Almost a third of hospitals and health systems are planning to implement biometrics (29%), digital forensics (28%) or penetration testing (28%) within the next 24 months, according to new HIMSS research. (HIMSS is the parent company of Healthcare IT News.)

However, 43% say funding is keeping their organizations from executing on the security challenges they have, the research shows. This isn’t good, as healthcare remains a main target of cyber criminals.

So Healthcare IT News has interviewed a cybersecurity expert to get his views on where healthcare cybersecurity might be headed in 2022. Manoj Srivastava is general manager of security, ID Agent and Graphus at Kaseya, a vendor of IT management software.

Q. What do you see on the horizon in 2022 in terms of technological advances in healthcare cybersecurity?

A. There are at least three technological advances that will apply to healthcare cybersecurity and across other industries as well. They’re password-less authentication, secure access service edge (SASE) and zero trust.

Will passwords finally become a thing of the past? Possibly. The use of password-less authentication is growing, as it can help healthcare organizations reduce security risks associated with passwords.

Eliminating passwords can reduce the chance of a data breach since compromised credentials account for a large percentage of breaches. There are various ways to verify identity other than passwords, including biometrics, such as fingerprints and one-time passwords, which require users to enter a code that’s either emailed or sent via SMS or used with an authenticator app.

An SASE combines SD-WAN and security into cloud computing, and is quickly becoming a VPN alternative for remote work and distributed offices. Security includes digital identity, which can be associated with a person, machine, cloud service, software and even an IoT system. SASE makes it more secure without the complexity and latency of the standard WAN/VPN approach.

Finally, zero trust is a shift of network defenses toward a more comprehensive IT security model. It’s about not trusting any user or any machine even if it is already connected to the corporate network.

Anytime a new resource is requested by connected users and devices, re-authentication is required. Zero trust is a security model or a security architecture. Products supporting various security controls in a network are now supporting zero trust.

Q. What is going on on the tech side in the cybersecurity space? What new technologies/techniques are emerging?

A. There are two emerging technologies, homomorphic encryption and blockchain, whose impact on the security of the healthcare industry is particularly interesting.

Homomorphic encryption (FHE) enables people to collaborate concurrently without revealing confidential data. By using an encryption scheme, users can run tasks on encrypted data, producing the same encrypted results as if they were using plaintext.

Conventional methods of handling sensitive data with collaborators may be at risk. When files are sent, they may be encrypted, but once in use, they’re decrypted, providing bad actors with opportunities to access the data.

FHE eliminates this by allowing people with access to manipulate the data, keeping it encrypted and reducing the time it’s decrypted. Another feature of this technology is that it can restrict decryption access so people can view only the parts they have been granted access to.

Keeping medical records safely stored and protected has long been a priority, and challenge, for healthcare organizations. Blockchain tech could make it a bit easier to achieve while minimizing fraud and the costs associated with it.

Through blockchain technology, patients can access their medical information via a collective network. This technology allows for better security and privacy. Additionally, the information would be housed on a single, trusted platform where physicians and other medical personnel could access the same data. Updates would be available immediately to everyone at once, potentially revolutionizing patient care.

Q. What does the next year look like in terms of ransomware, and the volume of malicious attacks? And what should healthcare provider organizations be doing to prepare?

A. The industries most impacted by ransomware are the public sector, professional services and healthcare. In addition to the notion these industries pay ransom, they tend to store large amounts of data and security measures are not as good as they should be.

Bottom line – no industry is immune from ransomware attacks, but these are the most vulnerable. Also, companies with 1,000 employees or fewer account for nearly 70% of ransomware attacks. With emerging variants always on the rise and attack vectors getting more sophisticated, it's safe to say ransomware attacks will continue to plague healthcare providers and society as a whole.

There are three interesting factors at play – the U.S. government is determined to go after cyber criminals behind ransomware; there is increased international cooperation; and new regulations could get approved to track bitcoins and other digital currencies.

All together, these should bring down the number of high-profile attacks targeting critical infrastructure, including healthcare. But cybercriminals are not going to go away that easily. They may just change their tactics. Instead of targeting larger organizations and demanding seven-figure ransoms, they could just target a larger number of smaller organizations and demand only five- and four-figure ransoms to stay below the radar of law enforcement agencies.

To prepare, organizations should perform regular data backups and integrity checks of those backups, and provide security awareness training to employees to avoid phishing and other social engineering tactics.

Additionally, there should be a patch management system and discipline in place. Finally, limiting privileges to access files and directories also is essential to mitigate lateral movement of attackers if they were to breach non-privileged user accounts.

Q. What other cybersecurity developments do you think might be vital for healthcare in 2022?

A. As the Internet of Things continues to expand its reach in the real world, including the medical field, IoT security will also need to be prioritized by healthcare providers. Thousands of devices that comprise the Internet of Things must be protected – that includes items you may find in hospitals and healthcare centers, such as infusion pumps and remote patient monitoring devices, among others.

As tech expands, other intelligent medical equipment also will need to be safeguarded, as well as things we may use every day, from smart elevators to smart HVAC systems.

Twitter: @SiwickiHealthIT

E-mail the author: bsiwicki@himss.org

Healthcare IT News is a HIMSS Media publication.
