Geopolitical uncertainty has dramatically increased the chances that healthcare organisations will experience more security attacks in the next couple years. Keith Bromley from Keysight Technologies shares his insights into the need for SecOps teams to prepare for even more ransomware attacks to extort money along with “lights out attacks” designed to cripple day to day operations.
The last two years have proven that the statement — “No one would want to hurt a hospital or healthcare clinic” — is a false narrative.
Cyberattacks against network servers in the healthcare sector rose 35% in 2020 and another 53% in 2021, according to Fortified Health Security reports.
Expect The Unexpected
A focus on cyber resiliency is key to your success.
Once a cyber-attack or breach has been launched, you obviously need to stop the threat.
However, it is just as important to get back to normal operations as fast as possible to maintain business continuity and satisfy patient needs.
The key to making cyber resiliency work safely is to engineer your security architecture with self-healing capabilities from the start.
See the highlight box below for some examples of engineered cyber resilience.
Bad actors are making sure that healthcare organizations either spend now on security defenses or pay later for ransoms, fines and lawsuits.
You can start the process with a three-point plan focused on prevention, detection, and vigilance.
Here are some focused recommendations from this three-point plan:
1. Deploy an inline security solution to reduce as many vulnerabilities within the network as possible
Inline security solutions are a high impact technique that address security threats, especially ransomware targeting healthcare networks.
These solutions can eliminate 90% or more of incoming security threats before they even enter your network.
An inline security solution includes both security appliances (like an intrusion prevention system (IPS), web application firewalls (WAF), TLS 1.3 decryption, etc.) and infrastructure components like external bypass switches and network packet brokers to access and deliver complete data visibility.

About the Author: Keith Bromley is a senior solutions marketing manager at Keysight Technologies, with over 25 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Keysight’s network visibility and security solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, network security, management systems, cloud computing, unified communications, IP telephony, SIP, wireless and wireline infrastructure.
This allows for the examination of ALL suspect data entering the network.
2. Hunt down intrusions to find and quickly remediate intrusions that are discovered in the network
Unfortunately, inline solutions cannot prevent everything.
This is why you need a second level of defense that helps you actively search for threats.
This part of the plan uses taps and network packet brokers to capture relevant packet data and then feed that data to purpose-built threat hunting tools to proactively look for indicators of compromise (IOC) within network components and Internet of Medical Things (IoMT) devices.
3. Periodically test your defenses with breach and attack simulation (BAS) to make sure they actually detect and block threats
The third level of defense is to periodically validate that your security architecture is working as designed.
This means using a BAS solution to safely check your defenses against real-world threats to find any holes before hackers find them for you.
Examples of engineered cyber resilience
- External bypass switches that use heartbeat messaging. These devices can be set to Fail Open or Fail Closed, as you choose, and revert back to normal operation once a problem is resolved. This creates a self-healing architecture.
- The use of inline and out-of-band network packet brokers that have n+1 survivability functions for security applications. This increases network reliability and delivers additional inline security fail-over techniques.
- Clustered security appliance configurations for improved survivability
- Inline packet brokers with Active-Active processors that provide enhanced business continuity without loss of data. Active-Standby solutions lose data when the standby processor comes online.
- Use of network packet brokers that support integration to SIEMs. This allows your network to use automation to collect data faster and thwart security attacks as fast as possible.
- A BAS solution that supports a recommendation engine that quickly tells you where problems exist and how to fix them. Some BAS solutions can even communicate the necessary remediation to SIEMs to increase speed of reaction to security attacks.
Tags: commentary, healthcare, interviews, Keysight, networks, opinion, security byline, Tech Focus, technology
Even Singapore’s healthcare system has been hacked. It is really important that something as critical as healthcare networks be given the utmost attention when it comes to security!
Indeed! It’s so unscrupulous to hack healthcare networks in order to profiteer from it. We really can’t let our guards down.