Recently, I had the pleasure to connect with Health IT Security’s Jessica Davis to chat about the future of our industry in the age of COVID-19. Alongside Forescout’s Chief Product and Strategy Officer Pedro Abreu, we discussed a variety of topics springing out of Forescout’s recent “Enterprise of Things Security Report” that found more than a third of workstations in healthcare operate on unsupported versions of Windows, as well as a host of other vulnerabilities found in everyday medical devices.
Jessica’s piece, “COVID-19 Cybersecurity: Building Resilience Beyond the Crisis,” focused on the key point that we are facing a rapidly changing threat landscape in healthcare, and one that promises to only become more complex as hyper-connectivity becomes the norm and an increasing amount of devices connect to our hospitals and health networks.
Nowhere was this more apparent than the recent coronavirus response. As COVID-19 swept across hospitals, so did an increasing amount of attacks against healthcare organizations, with malicious actors seeking to exploit unsecure devices, obtain valuable research from healthcare and pharma entities, and overall, disrupt the critical operations needed to battle this dangerous disease.
Now that we’re operating in a post-COVID-19 world, it’s apparent that the pandemic will prove to be a catalyst changing how we critically evaluate healthcare security– not only in the methods we use to protect our medical and IoT devices, but inventory and deploy this technology as well.
As I said to Jessica, “Healthcare will get reorganized to tackle the pandemic, but even after the crisis, the connectivity trend and new attack surface will be out there. And given the connectivity of new devices introduced on the network, especially around telehealth, it will exacerbate the problem or even cause new cybersecurity issues.”
While the initial reaction might seem to be pessimistic, the good news is that each day we are becoming more attuned to what needs to be accomplished, and further, the urgent need to work in closer concert with our industry peers. We know that we need improved asset visibility and management – including clinically vetted security measures – and that the protocols created for other industries cannot be leveraged as one-size-fits-all solutions in healthcare.
Our team is working hard every day to help healthcare organizations plan and strategize around the new security paradigm they’re facing, specifically, by moving the conversation beyond visibility of what’s connected to the network, to delivering actual, validated insights that drive actions to protect patients and improve medical care.