The number of major healthcare record data breaches rose in 2020 for the fifth consecutive year, at an average cost of $7.1 million per breach – the highest cost figure and the most targeted of the industries. In its new white paper, Onclave Networks, Inc., a global cybersecurity leader, highlights that trend and other data in urging hospitals, healthcare providers and insurers to adopt Zero Trust guidelines to secure their networks. In 2020, nearly 29 million patient healthcare and financial records were compromised by data breaches, about 92 percent resulting from cyberattacks. Healthcare data breaches of 500 or more records have more than doubled in five years – from 270 breaches in 2015 to 642 in 2020. A 2020 report from IBM’s security group found those attacks in the Healthcare industry average cost of $7.1 million to be the highest of any industry sector, close to double the $3.86 million overall average. And the attacks have continued in 2021: In the last month, a cyberattack led two Florida hospitals to shut down their electronic health record systems, and 3.3 million patients from a Florida managed care network were notified their data had been illegally accessed. “Looking at that data, it’s easy to see why healthcare CIOs and CISOs and their staff on the front lines have sleepless nights,” said Onclave Networks CEO Don Stroberg. “Digital transformation in healthcare continues to expand, and with it the rise in security issues and attack surface due to vulnerable devices and systems.” From operational technology like lighting control to medical equipment, to IoT devices like heart rate monitors, experts estimate the typical hospital has 85,000 or more devices. Most cannot be easily monitored for attacks or malware, creating a host of vulnerabilities, Onclave reports. In addition, more hospitals now use remote patient monitoring and telehealth systems. That opens up hospitals to the vulnerabilities of home or clinic networks, generally with low levels of protection. The solution, Stroberg said, is for healthcare organizations to adopt Zero Trust guidelines, as the federal government is doing under the recent Biden Administration Executive Order 14028. The May 12 order calls for every government agency to “develop a plan to implement Zero Trust Architecture” as set forth by the National Institute of Standards and Technology (NIST). The executive order cites NIST to define “Zero Trust Architecture” as a “coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.” “The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses,” the order states. “The Zero Trust Architecture security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.” “A Zero Trust model always assumes a breach,” Stroberg said. “It changes the old saying of ‘trust, but verify’ to ‘never trust, and always verify.’” Onclave Networks’ implementation of those principles goes further, to what the firm calls the ”Zero Trust +” approach. Onclave’s infrastructure-agnostic private network creates secured point-to-point communications aggregated into networks with their own root of trust. It provides automated management and continuous monitoring and the capability to isolate and contain threats. The Onclave Zero Trust + network protects vulnerable endpoints by placing them in cryptographically separated groups. It greatly reduces the number of entry points for intrusion and completely eliminates the attack surface area of operational technology systems and connected devices (IoT). For healthcare organizations, Onclave’s Zero Trust + network reduces the number of vulnerable endpoints – like heart monitors, ICU and lighting systems – by separating those operational technology and IoT devices from the IT network, and treating every access request as unverified and requiring authorization, even if they come from within the network. With the growth in data that healthcare systems are receiving, and the steady increase in attacks on that data, the responsibility to secure that data being exchanged across networks keeps growing. “Breaches can cost both millions of dollars in direct and indirect losses, and cause incalculable damage to your patients’ well being,” Stroberg said. “Onclave’s private network increases your infrastructure security, simplifies your management, lowers your costs, and more importantly can save lives of those who are dependent on these devices and systems.” About Onclave Networks, Inc. Based in the Washington, D.C., area, Onclave Networks, Inc. is a global cybersecurity leader that specializes in securing operational technology (OT/IoT) through private networks. Onclave provides the first true Zero Trust secure communications platform that protects both legacy and new operational technologies from cyberattacks and other types of unauthorized access. Onclave makes trusted secure communications a standard for all by providing the fastest path to a more secure, simplified, and cost-effective alternative to today’s solutions. For more information, visit onclavenetworks.com. Media Contact Alexis Quintal [email protected] Source: Onclave Networks, Inc.