In 2024, the healthcare industry faced an unprecedented cybersecurity crisis. Nearly 600 cyberattacks involving breaches of health data affected an estimated 259 million American citizens—meaning three out of four Americans had their private health information compromised. The largest of these, the UnitedHealth Group tech unit breach, alone impacted 190 million people.
As someone who has dedicated their career to cybersecurity, I find these numbers not just alarming, but unacceptable. We’re not talking about simple data points; we’re talking about infrastructure that affects human lives on an existential level. When a ransomware attack hits a hospital, it’s not just an IT inconvenience. It’s a matter of life and death.
Our conventional security paradigm is failing healthcare, and it’s time we address the broken philosophy behind it. Despite following industry-standard frameworks and investing millions in cybersecurity tools, healthcare organizations remain vulnerable. The philosophy that has guided our defenses for decades requires a fundamental shift; one that protects patients, providers and the healthcare system as a whole.
The current cybersecurity paradigm is failing healthcare
The healthcare and pharmaceutical industries are under relentless attack, and with healthcare ranking as the third-most targeted sector for ransomware worldwide, the situation is dire and worsening. Last year, the average cost of a data breach in healthcare reached $9.77 million, but the impact goes far beyond financial damage. When a hospital’s systems are compromised, patient care is directly affected. When private health data is leaked, it’s not only a compliance issue but a violation of patients’ most intimate information at their most vulnerable moments.
What makes healthcare such an attractive target? First, it’s infrastructure that affects human lives on an existential level. Second, healthcare organizations hold vast amounts of confidential patient data and, in the pharmaceutical sector, valuable intellectual property. And third, in the context of cyber warfare, healthcare represents a soft target. Think of a country’s defense as an armored warhorse—healthcare is an essential part of this structure, but it’s not armored like military systems, so it becomes the “soft underbelly” vulnerable to attack. Hospitals are repositories where people naturally divulge deeply personal information, making them juicy targets for APTs seeking intelligence on military personnel, first responders and other key individuals.
Most concerning is the lack of protection for medical IoT and operational technology. These critical systems often follow the technology evolution path of “get it working, then optimize it, then secure it,” but in healthcare, we often never reach that final security stage. With recent reports indicating that 92 per cent of healthcare organizations experienced at least one cyberattack in the past year, it’s clear our current approach isn’t working.
Why current defenses fail: the detect-and-respond problem
To grasp why cybersecurity keeps falling short in healthcare, we must look at the guiding principles behind our protective measures. Many healthcare entities adhere to the NIST Cybersecurity Framework—which includes identify, protect, detect, respond, and recover stages. This framework is robust, yet the sector has largely concentrated its efforts on advancing the “detection” aspect of security.
Let me walk you through a typical attack chain to demonstrate:
- Initially, attackers obtain entry, possibly via a stolen password or a deceptive phishing message.
- Next, they move laterally through your network, evading defenses.
- Then comes the critical part: egress. They establish command and control, pivot to other systems and exfiltrate data, all before you’ve detected their presence.
Once your threat detection system notifies you, critical patient data may have already been compromised. Even with thorough responses and recovery efforts, that stolen data won’t return. Compliance infractions and harm to reputation become irreversible issues, as do the consequences faced by those whose personal details have been disclosed. Some believe that artificial intelligence holds the solution; however, even though we use AI for detecting threats, malicious actors employ it too—both for crafting new malware and evading these systems. Consequently, an unintentional adversarial dynamic emerges within our cybersecurity landscape: both sides continuously enhance their capabilities against one another. As improvements in threat detection advance among security professionals, so does the sophistication of stealth techniques employed by cybercriminals.
The result? We’re still playing the same losing game, just with more expensive technology. The adversary still makes the first move, and by the time they do, the damage is already done. We need to stop doing the same thing over and over again and expecting different results. We need a new philosophy.
A new philosophy: Zero Trust connectivity
What if instead of perpetually struggling to keep pace with attackers, we completely shifted the paradigm? Enter Zero Trust connectivity—a strategy that transitions us from focusing primarily on detecting threats to prioritizing proactive protection. At its heart lies a straightforward yet potent concept: block all connections initially and permit only those that have been expressly validated.
secure. Instead of presuming systems are safe unless evidence shows otherwise, we presume they have been breached and allow only those connections that successfully undergo stringent validation.
If a device needs to connect to another system or site, the Zero Trust framework first checks whether both the initiating device and the target are valid and approved. Once the interaction is complete, the system reverts to its default state, blocking all connections.
This method provides numerous key benefits for healthcare:
- Protection against unknown threats: By focusing on recognizing what’s safe instead of pinpointing what’s dangerous, we avoid the daunting challenge of staying abreast of continually changing threats. For each genuine connection, there are roughly 7,000 possible malevolent ones.
- Edge-based protection: This approach works at the network edge without requiring endpoint agents, crucial for protecting medical IoT devices like MRIs and surgical equipment that can’t accommodate security software.
- Neutralized phishing attacks: Even if a clinician clicks a malicious link in a perfectly crafted phishing email, nothing happens because the connection to the attacker’s server is automatically denied.
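The default-deny model described above (validate both the initiating device and the target, then revert to blocking) and the phishing case from the last bullet, as an added illustrative example that is not ADAMnetworks' code; every device id, hostname and port is constructed sample data:

```python
"""Default-deny egress policy model for a healthcare network edge.
Hypothetical example: a connection is allowed only when BOTH the initiating
device and the destination are explicitly approved; afterwards the edge
reverts to deny-all. All ids and hosts below are constructed sample data."""
from dataclasses import dataclass, field

@dataclass
class Edge:
    approved_devices: set            # inventory of validated device ids
    allow_rules: set                 # explicit (device_id, host, port) tuples
    open_sessions: set = field(default_factory=set)
    denied_log: list = field(default_factory=list)

    def request(self, device_id, host, port):
        """Open a session only when device AND target pass validation."""
        if device_id not in self.approved_devices:
            reason = "unknown_device"
        elif (device_id, host, port) not in self.allow_rules:
            reason = "destination_not_allowlisted"
        else:
            self.open_sessions.add((device_id, host, port))
            return True
        # Denied attempts are recorded: they are high-value detection signal.
        self.denied_log.append({"device": device_id, "dst": f"{host}:{port}", "reason": reason})
        return False

    def close(self, device_id, host, port):
        """Revert to the default state (nothing open) once the exchange ends."""
        self.open_sessions.discard((device_id, host, port))

def demo():
    edge = Edge(
        approved_devices={"mri-01", "ws-clinic-07"},
        allow_rules={("mri-01", "pacs.hospital.example", 104),
                     ("ws-clinic-07", "ehr.hospital.example", 443)},
    )
    results = {
        "mri_to_pacs": edge.request("mri-01", "pacs.hospital.example", 104),
        # Phishing click: the link points at a host no rule ever permitted.
        "phish_click": edge.request("ws-clinic-07", "update-portal.example", 443),
        # Unmanaged device: denied before the destination is even considered.
        "rogue_device": edge.request("iv-pump-unknown", "ehr.hospital.example", 443),
    }
    edge.close("mri-01", "pacs.hospital.example", 104)
    results["sessions_after_close"] = len(edge.open_sessions)
    results["denied_reasons"] = [e["reason"] for e in edge.denied_log]
    return results
```

The denied log is the point a SOC would watch: under default-deny, a clinician workstation reaching for an unlisted host is itself the alert, not the exfiltration that would otherwise follow.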
By moving from “detect and respond” to “protect and neutralize,” we create a fundamentally different security posture that gives healthcare organizations a fighting chance against sophisticated threats.
A plea for philosophical transformation
Throwing more technology, more AI and more computing power at the problem won’t solve it if we don’t first address the fundamental flaw in our security philosophy. Zero Trust connectivity offers us a different path forward, one that aligns with healthcare’s unique challenges and requirements. By denying all connections by default and only allowing verified ones, we can dramatically reduce our attack surface, protect patient data and safeguard critical medical systems. All that’s needed now is the courage to embrace a fundamentally different way of thinking about cybersecurity, one that puts protection first.
Francois Driessen is the CO|MO and Co-Founder of ADAMnetworks.
https://adamnet.works/