Date: 2022-02-10

In 2021 more than 40 million patient records were compromised, according to the federal government, and new breaches continue to grow, as seen on this database maintained by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.

Part of the attraction for criminals is that healthcare data — electronic health records, in particular — sell for as much as $1,000 on the dark web, a platform where cybercriminals buy, sell, and trade illicit data and services. The pandemic also made healthcare a prime target for ransomware. Beleaguered providers often paid to restore access to their systems and data because they didn’t have the security resources or the time to obtain them with patient care on the line.

And cyberattacks demonstrably affect patient care. According to this Insights Report from the Cybersecurity and Infrastructure Security Agency: in the short term, cyberattacks may disrupt the ability for healthcare systems to access electronic health records (EHRs) and network-based services, such as cardiac and oncology technology, which reduces capacity, potentially requiring diversion of critical patients. Access to EHRs may remain limited long term, complicating care for patients whose records determine treatments. Without EHRs, healthcare workers spend more time tracking a patient's health history, reducing the number of beds staff can attend to and potentially leading to worsened outcomes as patients waiting for availability may not get treatment or test results in time to effectively treat their illnesses. Even weeks or months after an attack, hospital systems may still have to delay diagnostic and long-term care services due to data losses.

Sadly, this problem is global. “Healthcare is targeted by repeated campaigns of cyberattacks, cyberespionage, and disinformation,” according to the CyberPeace Institute, a non-profit, international organization headquartered in Geneva, Switzerland. “These attacks have a cost on all fronts: resources dedicated to fighting COVID-19 are crippled, patients’ safety is impacted, sensitive data is stolen, and overall, society loses trust in its healthcare system.”

How Zero Trust works to protect healthcare organizations from cyberattacks

Zero Trust is a security framework based on two simple concepts: “never trust, always verify” and “always assume a state of breach.” The first concept refers to people entering your organization’s network or applications; the second refers to lateral movement once they are inside.

Zero Trust is not a single technology but an architecture your organization can build to move from poor information security to better information security over time. It is often misunderstood as a security awareness and training strategy, when in reality the vast majority of end users in your organization do not need to understand or even know about Zero Trust to vastly improve cybersecurity.

Here’s how it works: Malware (which, among many other things, can scrape data or encrypt data and hold it for ransom) gets in by phishing for and then using stolen login credentials or by exploiting a vulnerability in an exposed server. Once in, malware then moves laterally to find high-value targets. It can do this because when legitimate users enter a network, they can access all kinds of files and data that they never use. This freedom within the network means that cybercriminals, once inside, can also travel wherever they need to go to find valuable data.

Zero Trust eliminates this vulnerability by gradually changing your security architecture from one based on network access to one based on application access. This means that users can access only those applications that they need to access—and only after they have been strongly authenticated and authorized. There is no more inside and outside. No more perimeter or VPN needed for remote access. In fact, everyone and everything is treated as if it is remote access. This is important because as healthcare providers migrate applications and workloads to the cloud and increasing amounts of data are shared over applications, vulnerability to cyberattacks grows.

With Zero Trust access, legitimate users cannot even see applications or relevant parts of the network unless and until they have been authenticated and then granted access. In addition, they are automatically blocked from accessing phishing or malware distribution sites (if lured there), and malware is automatically blocked from accessing a network’s command and control. With these basic mechanisms, Zero Trust makes it much harder for malware to get in. To stop malicious actors from spreading malware once inside, microsegmentation can be used to halt movement similar to the way the compartments of a submarine stop water from flooding and sinking the entire vessel.
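A small model of the two mechanisms described above, added here as an illustration and not taken from the article or from any Akamai product: per-application authorization with default deny, and microsegmentation limiting how far a compromise of one workload can spread. All workload, segment and role names are constructed assumptions.

```python
from collections import deque

# Constructed sample environment: workload -> segment (all names hypothetical).
WORKLOADS = {
    "clinic-ws": "clinical-workstations",
    "rad-ws": "radiology-workstations",
    "ehr-app": "ehr",
    "ehr-db": "ehr",
    "pacs": "imaging",
    "billing-db": "finance",
}

# Microsegmentation allow-list of (source segment, destination workload); all else is denied.
ALLOWED_FLOWS = {
    ("clinical-workstations", "ehr-app"),
    ("radiology-workstations", "ehr-app"),
    ("radiology-workstations", "pacs"),
    ("ehr", "ehr-db"),
}

# Application entitlements per role (assumed roles).
ENTITLEMENTS = {"nurse": {"ehr-app"}, "radiologist": {"ehr-app", "pacs"}}

def authorize(role, mfa_passed, app):
    """Default deny: grant only after strong authentication and an explicit entitlement."""
    return bool(mfa_passed) and app in ENTITLEMENTS.get(role, set())

def visible_apps(role, mfa_passed):
    """Applications a user can see at all; an unauthenticated user sees none."""
    return sorted(a for a in ENTITLEMENTS.get(role, set()) if authorize(role, mfa_passed, a))

def flow_allowed(src, dst, segmented):
    """Flat network: every workload reaches every other. Segmented: allow-list only."""
    return not segmented or (WORKLOADS[src], dst) in ALLOWED_FLOWS

def blast_radius(start, segmented):
    """Workloads reachable by lateral movement from one compromised workload (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dst in WORKLOADS:
            if dst not in seen and flow_allowed(cur, dst, segmented):
                seen.add(dst)
                queue.append(dst)
    return sorted(seen - {start})
```

Calling `blast_radius("clinic-ws", segmented=True)` still returns the EHR database, because the application tier legitimately needs it; that remaining path is the one to monitor and harden.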

Most simply put, a Zero Trust security model implements very tight access control to ensure that access is granted only to strongly authenticated and authorized users and only to applications they need to do their work. In this constantly shifting cybersecurity landscape, a smart strategy also includes microsegmentation to combat ransomware and other threats that do make it inside, so that your organization is always protected.

Bridget Meuse is a senior industry marketing analyst for Akamai. She identifies key trends and tells data-driven stories about Healthcare Life Science and Environmental Sustainability to connect Akamai solutions with each industry’s most pressing security concerns.