In light of the recent World Health Day, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, is warning the South African healthcare sector that it urgently needs to increase its cyber security defences.
Recent data from the company reported that the industry, which is notoriously under resourced in all areas, has experienced a 74% year-on-year increase in attacks. Although healthcare is not within the top 6 targeted industries in South Africa, globally healthcare is the 3rd most targeted industry. This makes cybersecurity a top concern for the South African health care sector who must improve protection before they become a target of the 1677 attacks experienced by others in the industry each week.
RELATED: Check Point Software introduces Infinity Global Services for end-to-end cyber resilience
In its latest Security Report, Check Point identified that this hyperfocus on disrupting our national infrastructure stems not only from the appeal of gaining access to our most sensitive data and medical records, but also from the publicity associated with breaches of this kind. In South Africa, healthcare services faces increased challenges when it comes to ensuring this sensitive data is kept safe.
The lack of cybersecurity awareness among South Africans, coupled with rapidly evolving regulatory requirements focused on protecting personal data such as the implementation of the Protection of Personal Information Act (POPIA) may make this sector a growing target for cybercriminals. In addition, these two factors mean healthcare faces additional pressure and a higher likelihood of ransom payment, a line item which the already underfunded facilities cannot afford. .
Over the last year we have seen the impact that an attack can have on a healthcare provider. For example, South African pharmacy retail giant Dis-Chem experienced a cyberattack in May last year with the personal data of more than 3.6 million customers being compromised and a ransom amount of R220 million demanded. Although not as severe as some cases, often when it comes to cyberattacks such as these, it is a matter of life and death.
In fact, a survey conducted by the Ponemon Institute found that more than 20% of healthcare organisations reported an increase in patient mortality rates after experiencing a breach – a risk which already struggling South African hospitals cannot afford to take.
The healthcare sector in Africa is vulnerable for several reasons. Firstly, the increased sophistication and quantity of cyberattacks is not a threat these companies are set up to deal with. Some African healthcare facilities still rely on outdated systems and software. These older systems often have known vulnerabilities that can be easily exploited by cyber criminals.
Unfortunately, in many of these cases healthcare providers may not have the resources to invest in the latest cybersecurity technologies, leaving them more vulnerable to attacks. On the continent, much like everywhere else in the world, medical data is highly valuable to cyber criminals. They may use it for identity theft, fraud, or even to blackmail individuals.. The current cybersecurity skills shortage also means there is a lack of expertise to help manage this widening attack surface.
Despite these challenges there are technologies and strategies that can help protect healthcare providers. Here are five key elements that every organisation should follow to ensure maximum security:
- Communication: ‘A chain is only as strong as its weakest link’. The digital divide which still exists in South Africa means large portions of the population lack proper digital literacy and knowledge of cybersecurity threats. According to Check Points recent report, 63% of attacks were conducted via email. Companies need to educate employees on how to stay secure and ensure they are aware of protocol in times of doubt. If not properly managed, any device that has access to a network is a gateway for cybercriminals to all connected devices. This problem has multiplied with hybrid and remote working practices and a proliferation of personal mobile devices being used to access medical data in email and Microsoft 365
- Visibility and segmentation: It is impossible to successfully secure a network without understanding all the assets it contains. Having a comprehensive view, including cloud and data centre assets, will expose any weaknesses, such as possible unpatched security updates or devices that have outdated firmware. Once the network is mapped, strategies such as segmentation can be implemented, which creates virtual internal barriers that prevent cyber attackers from moving laterally and causing widespread damage. For the out-of-date systems found in South African hospitals, updating and implementing a more mature strategy is crucial.
- Consolidated security is now a must have: With email continuing to be the #1 threat vector, followed closely by vulnerabilities and misconfigurations, a strategy of implementing multiple single-point solutions is no longer adequate protection. Security operations need full end-to-end visibility, less false positives, and absolute confidence that all vectors have the same elevated level of shared threat intelligence and prevention-based security, ensuring that every potential threat is covered. Preventing insider threats through education is also key here.
- CISOs must do their part: The role of a CISO is to ensure that executive management has a clear and articulate understanding of the risks an organisation faces. Their job is to make these points clear in a language that is easy to understand for all positions, as well as to explain the business consequences of weak security. If there is a general lack of communication between CISOs and the business, that must change to better secure critical services. This is a particular challenge in South Africa where digital skills and understanding of cybersecurity are limited. Ensuring CSIOs are able to communicate clearly, and executives understand the importance of security are key.
- Collaboration is key: Companies in all sectors need to elevate their cybersecurity programs, but they cannot do it alone. Security vendors need to work together to create unified cover against threats, and a unified regulatory body should be adopted to help implement standard practices and reduce disparities in cybersecurity spending.
“Many healthcare organisations do have good risk management in place but lack a consolidated, collaborative and comprehensive strategy that offers true cybersecurity resilience. However, there is a portion of healthcare facilities in our country which still have very little protection. As the threat level continues to grow, and the consequences can only get more serious it is imperative that the South African healthcare sector remain a lesser target,” explains Charnie Lee, Country Manager for South Africa at Check Point. “Such attacks can not only disrupt operations for these healthcare organisations but lead to loss of lives if services are prevented from being delivered. It is necessary to have solutions to take immediate action, but, above all, to ensure prevention of such attacks in the first place, rather than just detection”.