Considering that cybersecurity in the healthcare sector is responsible for peoples’ lives, it shouldn’t be overlooked, and all security gaps need to be filled.
While many use traditional cybersecurity measures to protect their social media accounts, not many express concern about their health data. In reality, cybercriminals can use such information to endanger human lives. Therefore, it’s crucial to responsibly take care of digitally stored health data.
With Covid-19 shedding light for the healthcare industry regarding the importance of cybersecurity, companies in the field started eliminating cybersecurity gaps in the system.
Cybernews reached out to Azi Cohen, the CEO of CyberMDX – a company that specializes in protecting and improving healthcare organizations. Cohen shared his views about the healthcare industry, and effective security measures.
How did CyberMDX originate? What were some of your major milestones throughout the years?
Looking back to our start in 2018, the early days of development were challenging but rewarding. We had a few crazy ideas inside a clear, sensible vision. Certainly, our first product release, first customer, and first major medical device vulnerability discovery were major milestones. Beyond that, we would point to the significant improvements to our go-to-market, the results of which were amplified when our new website, tagline, and Device-Centric Risk Management (DCRM) approach all debuted. The last major milestone was our acquisition by Forescout which was the most significant because it sets us up to amplify the impact of our future goals and reach milestones.
Can you introduce us to what you do? What are your main areas of focus at the moment?
CyberMDX was founded as and continues to be a mission-based organization. We are focused on enabling healthcare delivery organizations worldwide to provide quality care by securing and protecting the systems and devices they rely on every day to treat illnesses and save lives. Our mission continues as our main area of focus but with the recent acquisition by Forescout – we will be adding to that how we contribute to and empower the Forescout Continuum platform. It expands and fully automates cybersecurity across the entire digital domain.
What are the main security threats that the healthcare industry is facing today?
The primary threat facing the healthcare industry is the massive rise in attacks against the industry. Unlike other industries, where the biggest concern is the theft of customer data, in healthcare, human lives are at risk. With the stakes so high, healthcare delivery organizations cannot afford any disruptions to their systems. Hackers know this, exploiting the higher likelihood that these organizations will pay the ransoms in the interest of protecting patient safety.
The second major issue that healthcare delivery organizations are dealing with right now is that they are forced to tackle multiple problems at once. For many years, the growing need for cybersecurity was largely overlooked. Medical devices were designed without security in mind and hospitals purchased and integrated devices without implementing any proper cybersecurity. The result is that today healthcare is in a precarious position, working to correct their mistakes and retrofit their existing devices with advanced cybersecurity, while simultaneously having to account for the new issues arising from the rapid digitization of their networks.
How did the pandemic affect the IoT scene? Have you noticed any new security issues arise as a result?
One of the major challenges that the pandemic created is that it highlighted the criticality of our healthcare systems to hackers, and unfortunately, there’s no going back. During the first wave of Covid-19, hospitals around the world were thrown into havoc as they became overrun with patients in need of critical medical attention. With the organizations’ attention elsewhere, hackers and bad actors used the situation to start exploiting cybersecurity vulnerabilities with ransomware to get a quick payday.
This is largely a new phenomenon as healthcare was previously seen as an exception, and hackers would not target healthcare facilities to threaten people’s lives. While some leading cyber gangs have ensured that this is still the case and that they would continue to not target healthcare during the pandemic, the blueprint has been set and there are still many who do not share this belief.
Since health is your main field of focus, how do you think the wellbeing industry is going to evolve in the upcoming years?
One of the primary reasons that healthcare is such a high-value target today is the overall lack of security across the industry. For many years, healthcare organizations vastly underinvested or ignored their cybersecurity needs completely and it has caught up to them. Years behind other major industries from a cybersecurity perspective, healthcare presents an easy target for hackers, but the good news is there’s nowhere to go but up.
As the healthcare industry realized the detrimental effects a hack can have on the reputation of the organization and, most importantly, human life, the discourse around cybersecurity has risen. Whereas before, only IT/Security departments worried about cybersecurity, today executives and board members are buying into the need for improved security and mandating change. The process won’t happen overnight, but over the next few years, as attitudes continue to shift, we expect to see healthcare organizations close the cybersecurity gap.
In your opinion, what aspects of our daily lives could be greatly improved by the use of various IoT devices?
Well, because we are healthcare-focused, the example that comes to mind is Remote Patient Monitoring (RPM). If someone needs medical care, the ability to treat them at home as if they are in a hospital has tremendous benefit to the average person; not to mention the overall cost of healthcare. For our daily lives, to be able to be with family 24/7 while you are being treated, to save them from the worry of being away as well as the huge time impact and stress of travel back and forth to the hospital is an obvious improvement that anyone would love the option to have.
Could you share some tips for organizations looking to secure their IoT devices?
One of the key steps that organizations must take today is adopting a "Zero-Trust" mindset. The Zero-trust model mandates that no device or person is considered secure, and every access or interaction needs to be verified. Applying Zero Trust requires identifying each device, user, or resource, authenticating them to the corporate network, and granting them the minimal access they need to function, based on a trust policy defined especially for them.
This model ensures that even within an organization, users only have network access to the systems they need to do their jobs on and not the entirety of the network. If hackers breach a file system in the records department, they don’t suddenly have a “golden ticket” to the entire network to start accessing the medical devices.
And for individual users, what security measures do you think everyone should take nowadays?
On an individual basis, one of the main keys is being cyber aware. A large issue today is that people don’t know how to recognize suspicious activity, such as phishing emails, and that makes them susceptible to simple attack methods. Becoming educated on basic cybersecurity, and practicing basic cybersecurity hygiene like not leaving your computer logged in, not having an extremely simple password, or no password at all in some cases will ensure you aren’t the easy target hackers are looking for.
Share with us, what does the future hold for CyberMDX?
As we look forward, we are now a Forescout company. Because of the acquisition, the future for us greatly expands what we had in our plans. Our journey to protect human lives is significantly accelerated with new resources and capabilities. We’ll be able to offer healthcare providers so much more to protect. We’ll continue to focus on being the best cybersecurity solution for clinical assets and yet we’ll be able to secure their IT, IoT, and OT assets as well. It’s an exciting time for our customers and from what we know we’ll be able to bring to them the Forescout Continuum platform.