Research from Trend MicroTM and HITRUST® – including the HITRUST Cyber Threat XChange, which detected and shared early indicators of compromise for WannaCry – suggests that healthcare environments may not be any more secure than before the event occurred. Rather, the attack surface has expanded as healthcare organizations continue to adopt new technology or connect new devices to their networks.
Perhaps more troubling than the device and network issues uncovered in the report are the types and volumes of data also exposed to a number of EHR/EMR/Imaging systems, databases, and applications. In fact, it was discovered that at any one point there could be between 50,000-80,000 exposed systems inside hospitals/clinics worldwide, making them potential targets for attacks.
Additionally, the report explores in-depth the hidden, and often overlooked, threat of the healthcare supply chain; the vast number of third-party vendors and providers that make the health system operate on a daily basis.
With the overall level of vulnerability still very high and attack vectors continuing to grow, this research also points to the need for healthcare organizations to adopt a cybersecurity framework – a need that has never been greater. Independent industry surveys point to more healthcare organizations adopting cybersecurity frameworks and prioritizing risk assessments as a priority in 2018. The same surveys rank the HITRUST CSF® as the most widely adopted control framework in the healthcare industry; a welcome sight for those that have already adopted a framework and are looking for transparency and consistency throughout the healthcare ecosystem.
To learn more about the research report, click here to read the HITRUST blog analysis.
To download the research report, titled Securing Connected Hospitals, A Research on Exposed Medical Systems and Supply Chain Risks by Trend Micro’s Forward-looking Threat Research (FTR) Team in partnership with HITRUST, click here.