HIMSS 2024 Recap  

Cybersecurity Imperatives for Healthcare in 2024 

In the wake of an eventful week at HIMSS 2024, the healthcare cybersecurity conversation has never been more complex. In 2023, a record 126 million individuals were impacted by 582 healthcare cyberattacks, marking a 186.36% surge in individuals affected from prior years. This statistic underscores the healthcare sector's urgent need to reassess its cybersecurity strategy and adjust to the growing threats from expanding connected devices and a changing threat landscape. 

The Cylera team at Cylera's booth in the CyberCommand Center

Cylera was once again a prominent and dominating feature of the HIMSS Cyber Command Center, where a seemingly endless stream of conversations and demos with industry leaders took place around the need to better secure Healthcare IoT. Cylera also hosted a very popular and successful HIMSS Executive Breakfast, with cybersecurity experts including John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association (AHA), Hussein Syed, CISO at RWJBarnabas Health, Scott Trevino, TRIMEDX's SVP of cybersecurity, and our very own CEO, Timur Ozekcin, to not just discuss the challenges ahead but also present concrete strategies for more resilient cyber defenses.

A Closer Look at Security Gaps 

HIMSS24 highlighted that there are still many security gaps for providers and vendors. It also highlighted the double-edged sword that incorporating new innovative technology can wield. The proliferation of IoT and AI shows incredible progress, but it also leaves vulnerable entry points into networks.  

AI is now everywhere in healthcare. However, its algorithms can be hacked, its learning data poisoned, and there are many ethical as well as practical security and privacy questions that have yet to be answered, as discussed in the Healthcare AI Pre-Conference. The widespread availability of generative AI has also changed the threat landscape and opened new doors for attackers to deploy unique and sophisticated cyber-attacks at scale. AI lowers the barrier for novice cybercriminals, hackers-for-hire, and hacktivists to conduct more effective access and information-gathering operations. Additionally, new techniques and advances in offensive AI enable attackers to create unique attacks tailored to a specific victim's environment, making them much more difficult to defend against.

IoT devices continue to expand across the healthcare sector, with investment in healthcare IoT forecast to reach $108.60bn by 2024 and $167.70bn by 2028. Healthcare organizations must prepare to accelerate their cybersecurity maturity model as the number of largely unmanaged connected IoMT devices accelerates growth in the attack surface of medical networks. This presents threat actors with new opportunities to take advantage of vulnerable unpatched IoT systems. 

John Riggi, Scott Trevino, Hussein Syed, and Timur Ozekcin at the Cylera HIMSS Executive Breakfast (from left to right)

However, those are not the only concerning elements that lead to increased cyber risk. Out of the top reported active breaches responsible for stolen patient records in 2023, only one was an actual hospital; the rest were third-party business associates and non-hospital healthcare providers. According to John Riggi, third-party risks are one of the most significant strategic risks to healthcare organizations. Cyber threat actors realize they don't need to attack 100 hospitals; they simply need to identify the aggregator with all the healthcare data. Third-party cyberattacks thereby pose one of the biggest challenges to the healthcare cyber-risk landscape.

So what can organizations do in the wake of these security gaps to mitigate risk and safeguard patient data? 

Be Proactive with Risk Management 

The key to mitigating cyber risks in healthcare organizations is taking a proactive, not reactive, approach. This means identifying potential vulnerabilities before they are exploited, constantly monitoring and updating systems, and implementing proper risk management protocols. Here are some key strategies discussed by our experts:  

  • Third-Party Risk Management: As healthcare is the sector most affected by third-party breaches, HDOs must take proactive steps to mitigate medical device third-party risks by identifying risks and vulnerabilities and implementing strategies to remediate them before threat actors exploit them. This includes capturing a comprehensive healthcare IoT and connected medical device inventory, securing these devices, and utilizing AI-driven vulnerability assessment capabilities to quickly identify whether devices provided by medical device manufacturers are affected by a vulnerability and require remediation, based on the device manufacturer, model, operating system, software, firmware, vendor, network services, usage, and more.
  • Managing Unpatched Devices: In our fireside chat, Scott Trevino highlights that "more than half of medical device vulnerabilities never receive a validated patch, emphasizing the critical need for compensating controls." Therefore, it is vital to have a strong relationship with external OEM vendors and utilize compensating controls like effective micro-segmentation to prevent unauthorized access to critical systems and patient data by isolating connected medical devices from other devices on the same network that do not need access to them.  
  • Utilizing Solutions with Defensive AI: With the increased advent of offensive AI, traditional cybersecurity solutions are no longer sufficient. Healthcare organizations must implement AI and ML-powered solutions that can detect and respond to these evolving threats. "Many of these Defensive AI tools are in their infancy," according to Richard Staynings, Cylera's Chief Security Strategist, "but legacy security tools are almost useless against Offensive AI-based attacks," he added. These tools must be planned and budgeted to minimize the potential attack window. 

Take Action Now to Secure Your Healthcare Organization  

Ready to bolster your cybersecurity defenses and stay ahead of evolving threats? Watch our OnDemand webinar titled “HIMSS 2024 Key Learnings and Takeaways and What to Do Between Now and the End of the Year.” Learn about the top 5 actionable insights and strategic measures you can implement from now until the end of the year to enhance your cybersecurity maturity model.  

This session is a must-watch for anyone committed to safeguarding their healthcare organization against the dynamic landscape of cyber threats.  

Watch Now to learn how to increase your cybersecurity posture.   