Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime
Where the Healthcare Sector Lags in SecurityChristiaan Beek, Trellix Threat Analyst, Discusses Research Study
The healthcare sector is still behind many other critical infrastructure sectors in implementing critically important security technologies to protect against the rise in potentially devastating cyber incidents, says threat intelligence analyst Christiaan Beek of security firm Trellix.
Despite growing cyberthreats facing critical infrastructure industries, certain key security technologies, including multifactor authentication, endpoint detection and response, and extended detection and response tools, are being largely underutilized by healthcare sector entities, he says in an interview with Information Security Media Group in which he discusses findings from a recent Trellix research study.
The study examines the state of cyber readiness in U.S. critical infrastructure sectors and government agencies.
Complicating security challenges in the healthcare sector, the COVID-19 pandemic has fueled deployment of other technologies - such as those supporting patient care - over the adoption of certain security tools and measures, Beek says.
Nonetheless, "you would expect that if you're dealing with a lot of patient or medical information that is very personal, that this is core [security] technology that you would expect to be more implemented.
"Healthcare is about people. Patients in a hospital … nurses at the patient bedside … and all the surrounding systems to support the care of the patients," he says, adding that a rise in cyber incidents, including ransomware attacks on many hospitals, has resulted in the shutdown of IT systems, causing postponed or canceled patient procedures.
"This is not the ideal situation you want to be in in society. … You can't afford to have less network visibility," he says.
In the interview (see audio link below photo), Beek also discusses:
- Cybersecurity trends in other critical infrastructure sectors, including energy;
- The state of cybersecurity in U.S. government agencies;
- Other findings from Trellix's recent cyber readiness research report.
Beek is lead scientist and senior principal engineer of Trellix Threat Labs, a role in which he leads strategic threat intelligence research. Previously, Beek was director of threat intelligence at McAfee Labs and director of incident response and forensics at Foundstone, McAfee's forensic services arm.