CyberMDX Announces 2022 Predictions for Healthcare Security
While hospital boards start pushing for security, expect the current rate of attacks to rise and supply chain vulnerabilities to take center stage
New York, NY, November 29, 2021 — CyberMDX, a leading healthcare cybersecurity provider delivering visibility and threat prevention for medical devices and clinical networks, today announced that the company has published its 2022 predictions for the threats that face healthcare delivery organizations, medical devices and hospital networks in the upcoming year.
“It’s been a long couple of years for the healthcare industry. In the age of connectivity, the once unthreatened industry has become among the most vulnerable and targeted by hackers,” said Azi Cohen, CEO of CyberMDX. “Covid forced the accelerated integration of many connected systems. While necessary, the decisions to keep up with the demand for services often overlooked or did not address cybersecurity concerns. Over the next 12 months we can expect to see the continued fallout from those hard decisions, but also hopefully a new respect and acknowledgement for the value that security brings to the healthcare industry.”
2022 Healthcare IoT Security Predictions:
- Pandemic Experience Will Shift Attacker Strategy – Cyber-attacks on healthcare providers will become more targeted and sophisticated. Bad actors will use what they’ve learned during the pandemic attack surge to shift from a “spray and pray” model to a “bait and prey” strategy where there is more up-front profiling and analysis of a hospital’s weaknesses, vulnerabilities, and potential payouts.
- Hospital Boards Will Demand Security – With the record number of attacks over the past two years still trending up, hospital boards will push CEOs, CIOs and CISOs to reduce risk. Boards will focus on closing the largest and most likely threat vectors to reduce the likelihood of successful attacks, but will also demand new protocols be put in place to cut recovery times from weeks and months down to days or even hours to limit the losses from network and device downtime.
- Patching Challenges Will Prompt Actions – For years, hospitals have given low priority to patching or upgrading the software on their medical devices. However, as the rising number of known vulnerabilities continues to serve as one of the largest threat vectors, patching and updating software will go from an afterthought to one of the main strategies to defend against attacks.
- Expect Hackers to Explore New Vectors – With the average number of healthcare security incidents rising from 3.3 per week in 2020 to 4.4 in 2021, expect the trend to continue as medical devices and other critical unmanaged IoT devices become more attractive targets for ransomware attacks, as well as easy entry and persistence points for attacks on clinical information systems.
- Supply Chains Will Demand Priority Attention – Supply chains will dominate the news in 2022, but not just because of pandemic-related supply issues. As suppliers and customers attempt to get control of the supply chain issues, we expect to see potential ripple effects across healthcare provider suppliers that will range from (1) being cyber threat entry points to (2) extending or spreading known vulnerabilities to (3) causing bottlenecks in supplies due to their own shutdowns from ransomware attacks. More attention will surface from regulators as well. (See the recent US Executive Order that has mandated that suppliers publish a Software Bill of Materials (SBOM) for each product.)
- Cyber Insurance Requirements Will Alter Cybersecurity Strategies – Pressure will rise as cyber insurance availability and safeguards continue to shrink while insurance costs escalate. To help qualify for and maintain cyber insurance, we will see more and more hospitals adopting micro-segmentation as part of their Zero Trust strategy.
- Expect More Governance and Compliance – As clinical networks become more and more complex and heterogeneous, spreading from campus and branches up to the cloud, Governance, Risk, and Compliance (GRC) teams will require greater assurances. Security teams will need to respond with technologies that automate security governance and compliance, based on common security frameworks and on end-to-end visibility.
CyberMDX is an IoT security leader dedicated to protecting the quality care of health delivery worldwide. CyberMDX provides cloud-based cybersecurity solutions that support the advancement of The Internet of Medical Things. The CyberMDX solution identifies endpoints and assesses vulnerabilities to detect, respond to, and prevent cyber incidents. Deployed worldwide, CyberMDX is designed to integrate with our customers’ existing environments through its scalable, easy-to-deploy and agentless solution.