Operationalizing Cyber Resilience in Healthcare


Geoff Hancock, Global CISO / Deputy CEO at Access Point Consulting

The healthcare sector faced a staggering 156% increase in breached records in 2023. The concern goes beyond just alarming statistics: Breaches pose a direct risk to patient safety by disrupting essential healthcare services, including eligibility verification, prescription processing, and hospital discharge procedures.

Consider the ransomware attack on UnitedHealth subsidiary Change Healthcare, for example. Attackers compromised more than 100 systems, which impacted not just Change Healthcare but also the broader supply chain of hospitals, pharmacies, and medical groups. Thousands of doctors, hospitals and other health providers that depend on Change Healthcare for billing reimbursements were not paid.

The criminal actors behind the attack received a $22 million payment. The transaction, visible on Bitcoin's blockchain, suggests that the victim of one of the worst ransomware attacks in years probably paid a very large ransom. It also shows how attractive data-rich healthcare firms are to threat actors. This is but one example showing the extensive impact of cyber breaches on operational continuity, financial health, and the reliability of essential healthcare services.

2023 was the worst-ever year for breached healthcare records: 133,068,542 records were breached in total, an average of 373,788 healthcare records every day. To address these challenges, we need to rethink our approach to cybersecurity. Protection is not just about building walls; it's about creating a resilient system that can anticipate, withstand, recover from, and adapt to cyber threats. But how can we operationalize this concept in healthcare? Ahead are the essential cybersecurity measures I believe must be in place to achieve operational resilience in healthcare.

Regular Security Assessments

These involve systematically evaluating the security of an organization's information systems by measuring how well they conform to a set of established criteria. This process identifies vulnerabilities and security gaps.

What to do: Implement a routine schedule for conducting comprehensive security assessments, including penetration testing, vulnerability scans, and risk analysis. These assessments inform security strategies and prioritize remediation efforts based on the identified risks.

Employee Training and Awareness

Employees can be the weakest link in the cybersecurity chain. How easy it is for a physician to unwittingly click a phishing email at the end of a long day. Comprehensive training programs can transform staff into the first line of defense, empowering them to recognize and block cyber threats.

All staff members should be educated routinely about the latest cybersecurity threats and safe practices. Training programs should cover topics like phishing, password management, and secure handling of sensitive data.

What to do: Develop a training program that includes regular updates on new cyber threats and defensive tactics. Use engaging, varied training methods such as workshops, e-learning modules, and simulations to reinforce key concepts and encourage vigilant behavior.

Multi-Factor Authentication (MFA)

Single-factor authentication is like a single lock on a treasure chest; it's not enough. Think about the ease with which a stolen password can give criminals access to critical systems. MFA, which requires users to provide two or more verification factors to gain access, adds layers of security, making unauthorized access far more difficult and thereby protecting vital assets.

What to do: Implement MFA across all systems, particularly those accessing sensitive or critical information. Ensure that policies require MFA for both internal and remote access to minimize the risk of unauthorized entry.

System Updates and Patch Management

Unpatched systems are like welcome mats to cyber criminals. Regular updates and patches end the hospitality, shielding systems from known vulnerabilities. Patching means regularly updating software and systems with the latest fixes, closing the vulnerabilities that attackers could otherwise exploit.

What to do: Establish a patch management policy that mandates the timely and systematic application of patches to all software and systems. Automate the patch management process to the greatest extent possible to provide consistency and completeness in covering all assets.

Proactive Incident Response Planning

Many organizations are caught off guard when cyber incidents occur. Without a plan, incident response can be chaotic, increasing damage and recovery time. A well-practiced incident response plan enables rapid containment and recovery, minimizing downtime and financial losses. Proactive incident response planning involves establishing a predefined strategy and procedures to detect, respond to, and recover from cyber incidents effectively.

What to do: Develop an incident response plan defining roles, responsibilities, and procedures for dealing with cyber incidents. The plan should be regularly tested and updated to ensure it remains effective against evolving threats and incorporates lessons learned from past incidents.

Integrating Cyber Resilience into Healthcare Operations

Cyber resilience is often an afterthought rather than an integrated part of operations.

In the heat of a cyber-attack, disjointed processes can lead to critical delays. Embedding cyber resilience practices into daily routines ensures seamless execution, enhancing the ability to prevent, respond to, and recover from incidents.

This means embedding cybersecurity practices and principles into a healthcare organization's daily operations and culture, ensuring that cyber resilience is an integral part of how the organization functions.

What to do: Foster a culture of resilience by integrating cybersecurity awareness and practices into everyday operational processes. This could include regular cyber resilience training, integrating security considerations into decision-making processes, and ensuring that cyber resilience metrics are included in operational performance indicators.

Embracing Emerging Technologies

Traditional security measures struggle to keep pace with sophisticated cyber threats. Advanced threats like AI-driven attacks can outmaneuver standard defenses. Incorporating technologies like AI and machine learning into your cybersecurity processes can provide faster, more effective detection and response, keeping healthcare ahead of cybercriminals.

What to do: Healthcare organizations should evaluate and adopt emerging technologies that can improve their ability to detect, analyze, and respond to cyber threats more efficiently. This may involve investing in AI-driven security tools, employing blockchain for secure data sharing, or using machine learning algorithms to predict and prevent potential attacks.

As we close this guide on operationalizing cyber resilience in healthcare, it's clear that the stakes have never been higher. The surge in cyberattacks and the corresponding increase in breached records underscore the critical need for a robust, proactive cybersecurity strategy within the healthcare sector. The outlined measures—from regular security assessments and comprehensive employee training to the integration of multi-factor authentication, system updates, and proactive incident response planning—are essential steps toward building a resilient healthcare system capable of not only defending against cyber threats but also swiftly recovering from them. By embedding these practices into daily operations and embracing emerging technologies, healthcare organizations can significantly enhance their cyber resilience, safeguard patient data, and ensure the continuity of vital healthcare services. It's a daunting task, but with focused effort and a commitment to continuous improvement, the healthcare sector can rise to meet the challenge.

About the Author

Geoff Hancock is a standout figure in the business and technology sectors, boasting over 20 years of extensive experience as a Chief Information Security Officer (CISO) in both corporate and government realms. He is adept at guiding organizations through the intricate world of cybersecurity, playing a crucial role in advising and enabling leaders to effectively manage their cybersecurity strategies and operations in various industries.

His expertise covers a wide range of areas, including enterprise risk management, cyber operations, and the transformation of business and technology towards enhanced digital security. Geoff's notable career achievements include his tenure as a CISO for Fortune 100 companies, where his leadership, mentoring skills, and strategic insights have significantly influenced the cybersecurity field.

Geoff is a well-recognized expert and has made substantial contributions to the development of essential cybersecurity frameworks and policies. He has played a key role in the creation of the NIST Cybersecurity Framework, CIS 18, and the MITRE ATT&CK framework. His influence extends beyond the private sector into national security policy, where he actively participates in shaping cybersecurity strategies.

In addition to his professional accomplishments, Geoff has built and managed 36 Security Operations Centers (SOCs) and led engineering and operations teams of various sizes. He has also developed and overseen numerous Cyber Intelligence programs for both corporations and government agencies.

As an Adjunct Professor, Geoff has created and taught content for Cyber MBA programs and courses in Cyber Intelligence and National Security at prestigious institutions like George Washington University, US Army Cyber Command, and National Intelligence University. His expertise spans multiple sectors, including finance, government, healthcare, telecommunications, supply chain, manufacturing, OT/IoT, and aviation.

Geoff collaborates closely with CEOs, Boards, CIOs, and CISOs, providing guidance in cyber operations, the business aspects of cybersecurity, and leadership. He serves as a Senior Fellow at the George Washington University Center for Cyber and Homeland Security and advises private equity and venture capital firms on cybersecurity market trends and investment opportunities.

A member of several exclusive CISO professional organizations, Geoff offers insights, coaching, and support to the CISO community. He has published articles in prominent publications like CSO Magazine, Dark Reading, and SC Magazine, and has been featured in major news outlets such as the Wall Street Journal and CNN. Geoff is also a seasoned speaker, sharing his knowledge at conferences and events on topics related to cybersecurity, business, national security, and leadership.

Before his illustrious career in cybersecurity, Geoff served as a Special Operations soldier, a Green Beret, supporting Joint Special Operations Command (JSOC) and the Intelligence community in various global deployments. His diverse background and extensive experience make him a highly respected and influential figure in the field of cybersecurity.


To Enhance Your Cyber Operations

Dangers of Unpatched Healthcare IoT and Network Systems

It’s not uncommon for large healthcare organizations to support patients via thousands of systems: servers, network hardware, and Internet of Things (IoT) devices particular to the medical practice. Healthcare organizations are primary targets for attackers and are required to follow strict regulations to stop data breaches. HIPAA violations are costly, and unpatched hardware leaves healthcare systems vulnerable to numerous threats including malware, ransomware, security bypasses, and possible remote code execution. Patching systems with the latest update is critical to data protection and risk management, and it keeps the company compliant with HIPAA guidelines.

Protecting Healthcare Legacy Systems with Micro-Segmentation

Segmentation in network environments is nothing new. It’s common for administrators to segment the network based on logical functions and security controls. For example, the finance department is one segment, and the sales department is another segment. All segments can send traffic to email servers (for example), but user traffic does not enter finance or sales segments unless the user is authorized to access them.

Healthcare Cybersecurity Enhancement Checklist

Healthcare weathered a massive increase in data breaches during 2023, with more records disclosed than in both 2021 and 2022 combined. HIPAA Journal reported that over 11 million medical records were disclosed in 2023, with most being data breaches from supply-chain vendor vulnerabilities and ransomware.
