2022 Predictions for Healthcare Cybersecurity

As we head into 2022, we asked the Healthcare IT Today community to share some predictions for the new year.  I always find it interesting to learn what people think is coming down the road.  Be sure to check out all our Health IT Predictions.

There’s no topic in health IT that keeps healthcare CIOs up at night more than security. It’s likely one of the most challenging problems any CIO faces. Plus, if they do a great job at it, no one will know what they did. However, if they fail, everyone will know. That’s a challenging recipe for any leader. However, the trust of patients depends on the success of CIOs and CISOs in protecting patient information. Given this, hopefully we can help you get a peek into what healthcare cybersecurity will look like in 2022.

Here’s a look at some of the 2022 healthcare cybersecurity predictions we received:

Drex DeFord, Executive Healthcare Strategist at CrowdStrike

  1. 2022 has more ransomware than previous years – more activity is the result of success + little risk to adversary.
  2. Data exfiltration will get new emphasis this year – the “extortion e-crime economy thrives – privacy regs/laws will ramp up across the board — the fines/penalties for losing data becomes a new painful motivator to build better security programs.
  3. APIs are more exploited than previous years, driving new attention to how they’re written/secured.
  4. Data-sharing, AI, & aggressive analytics approaches means more consolidated data, in more places, making the “crown jewels” even harder to protect using antiquated cybersecurity models.
  5. Identity Protection becomes paramount. Adversaries are now “logging in” vs “breaking in” because of the availability of credentials on dark-web “Access-Broker” sites; protecting flawed Active-Directory becomes critical.

Leon Lerman, co-founder and CEO at Cynerio
While cyber attacks on critical infrastructure – such as the Colonial Pipeline and a Florida water plant – created a lot of buzz this year, last year we saw a 123% increase in the number of ransomware attacks on the healthcare industry – a trend that has unfortunately continued to plague the healthcare industry throughout 2021. Worse yet, attacks on hospitals have turned deadly. A recent Ponemon Institute report found that ransomware attacks on healthcare providers can lead to increased mortality, and the first ransomware-related fatality in the U.S. was recently reported at Alabama-based Springhill Medical Center.

As we head into 2022, it is likely we will see an increase in both the sheer number of attacks on hospitals as well as severity. It will be critical for hospitals to have proactive response strategies in place to prevent attacks and ensure continuity of care in the event of an attack. Additionally, more government intervention is needed – as has been the case for cyber attacks like that on Colonial Pipeline – to ensure hospitals are prepared with the tools they need to address the evolving threat landscape in healthcare. It could be the difference between life or death.

Sam Munakl, CEO at Cytek
A rise in cyberattacks in healthcare
Healthcare was a favorite target of hackers in 2021 and will continue to be in 2022. More than 40 million patient records were known to be compromised last year with many more cyberattacks within the sector suspected of being unreported. Expect attacks on healthcare providers to become more targeted and sophisticated in 2022. Bad actors will use what they have learned during the pandemic attack surge to shift from a mass targeting model to a one-target strategy. With this tactic, there is more up-front profiling and analysis of a hospital’s weaknesses, vulnerabilities, and potential payouts.

Ryan Witt, Resident CISO, Healthcare at Proofpoint
Ransomware was the overarching theme of 2021. That wasn’t a surprise, as we saw the breadcrumbs throughout 2020 with the huge increase in downloaders that indicated ransomware would explode this year. What wasn’t so clear was the highly-publicized damage inflicted upon organizations large and small, both in terms of cost and reputation.

We also saw high-profile assaults on the supply chain, ranging from SolarWinds to Microsoft Exchange. Although these attacks aren’t new, their impact on critical infrastructure heightened visibility of the supply chain’s vulnerabilities.

Many of the attacks we’ve seen over the past year have been people-centric, requiring human interaction to succeed. This trend, that began with the pandemic and work-from-home employment, escalated in 2021. Social engineering, deep fakes and other impersonations, misinformation, and sophisticated phishing attacks increased, taking advantage of hybrid workforces and intensified emotions.

These three areas – ransomware, supply chain attacks, and people-centric security issues – will continue into 2022, but may impact organizations in different ways.

Supply Chain Security
Supply chain security will be vital in 2022, particularly in the need for improving security because of Application Programming Interface (API) compromise.

APIs move data to the cloud and accelerate integration between solutions, the DevOps process, and more powerful applications. So, we’ll see a rise in malicious apps connecting through APIs. They will attack specific APIs in order to compromise the broader supply chain. We haven’t experienced a lot of these API threats yet, but that will likely change in 2022.

Threat actors will also exploit vulnerabilities within the supply chain and use these weaknesses to infiltrate different environments, so we’ll see more attacks like SolarWinds. Organizations always look to innovate. The software supply chain facilitates transformation. But cybercriminals innovate too. They understand how companies leverage various internal tools, whether they be security tools or IT tools. They seek gaps in the umbrella tools to get closer to corporate data assets. In attacks like SolarWinds, threat actors took this to a new level, allowing them to compromise multiple organizations simultaneously. This will lead to bigger and larger scale data breaches.

The Human Element
The human element has always played an important role in cybersecurity. That factor will come into greater focus, but not always in the way one might think. People have become the perimeter, so the human part of security must take form in distinct shapes: as a shield against an adversary, as defender, and as facilitator.

As an adversary, the insider threat has been around for a long time. With many organizations keeping some level of remote work into the next year, they must improve insider risk monitoring. Threat actors have a growing arsenal of tools to lure users into doing the wrong thing. Remote workers have picked up poor security behaviors, which adds to their employers’ risks. And, malicious insiders find it easier to act when using personal devices away from the office.

Organizations have also been impacted by the Great Resignation. While there was already a cybersecurity skills shortage, now, as cybersecurity professionals leave their jobs because of burnout or better offers, the talent gap is widening. There will be a strong competition to find people with the right skills, and so long as jobs go unfilled, there will be fewer people to defend against attacks.

As facilitators, we will start seeing more automation around behavioral analytics. We can’t effectively protect our organizations without honing worker behavior. Adaptive controls can mitigate risks caused by people inside the company and detect potential threats from anywhere.

Ransomware, Data Breaches, and Governance
Ransomware will continue to cause significant challenges. Companies will experience data breaches. As more organizations continue the digital transformation journey, and they adopt new cloud solutions more broadly, there will be new ways for threat actors to leverage the cloud to their advantage.

This evolving threat landscape will demand regulatory challenges and changes. They will come in different forms.

There will be new cloud governance constraints. We’ve reached the point where standard breach notification requirements are crucial. Different industries and different states can no longer work under their own special procedures because security teams don’t know whose rules come first. It causes confusion on how to respond. That needs to change. The regulation landscape is too fragmented to enable operational effectiveness and timely notifications.

Cyber liability insurance is the second piece to corporate governance. Third-party coverage focuses on security liability and regulatory fines. But you also need coverage for the costs of breach responses, crisis management, and supply chain damage and restoration, as well as shelter for fourth, fifth, and sixth-party risk. As expenses climb, we’ll also see an increase in self-insurance for cybersecurity protections, which may cause new strains on general corporate finances.

If you have other predictions you’d like to share, do so in the comments so we can all learn from each other.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

   
