The private network of a cybersecurity business provides Zero Trust to healthcare institutions.
FREMONT, CA: For the fifth year in a row, the frequency of significant healthcare record data breaches increased in 2020, with an average cost of 7.1 million dollars per breach — the highest cost figure and perhaps the most targeted of the industries. Onclave Networks, Inc., a worldwide cybersecurity pioneer, cites this trend and other statistics in a new white paper, asking hospitals, healthcare providers, and insurers to follow Zero Trust recommendations to secure their networks.
Approximately 29 million patient healthcare and financial data were stolen by data breaches in 2020, with hackers accounting for nearly 92 percent of the total. In five years, the number of breaches involving 500 or more records in healthcare has more than doubled, from 270 in 2015 to 642 in 2020.
Experts estimate that the average hospital contains 85,000 or more gadgets, ranging from operational technologies like lighting management to medical equipment to IoT devices like heart rate monitors. According to Onclave, most cannot be easily monitored for threats or malware, resulting in many vulnerabilities.
In addition, more hospitals are utilizing telehealth and remote patient monitoring technologies. It exposes hospitals to the vulnerabilities of home or clinic networks, which are typically unprotected.
The remedy, according to Stroberg, is for healthcare institutions to embrace Zero Trust principles, as the federal government has done via Executive Order 14028 issued by the Biden Administration.
"The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses," the order states. "The Zero Trust Architecture security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity."
"A Zero Trust model always assumes a breach," Stroberg said. "It changes the old saying of 'trust, but verify' to 'never trust, and always verify.'"
Onclave Networks' execution of those concepts goes even further to what the company refers to as the "Zero Trust +" strategy. The infrastructure-agnostic private network created by Onclave aggregates secure point-to-point connections into networks according to their root of trust. It can isolate and contain threats, as well as automated management and continuous monitoring.
By grouping susceptible endpoints in cryptographically segregated groups, the Onclave Zero Trust + network secures them. It significantly minimizes the number of potential entry points for hackers and entirely removes the attack surface area of operational, technological systems, and associated devices (IoT).
Onclave's Zero Trust + network helps healthcare organizations reduce the number of vulnerable endpoints, such as heart monitors, ICUs, and lighting systems, by separating operational technology and IoT devices from the IT network and treating all access requests as unverified and requiring authorization, even if they come within the network.