Why Endpoint Security is Critical For Healthcare Cybersecurity

Endpoint security should be the cornerstone of any healthcare organization’s cybersecurity architecture.

Endpoint security should be a crucial component of every healthcare organization’s cybersecurity program. It only takes one vulnerable endpoint for a threat actor to gain access and orchestrate a healthcare cyberattack, and with an uptick in remote work, bring-your-own-device (BYOD) policies, and a growing number of connected devices across healthcare IT networks, cybercriminals have a multitude of options.

Endpoints include laptops, mobile devices, medical devices, printers, servers, smartwatches, or any end-user device that is connected to an organization’s IT network. A single organization may have thousands of endpoints on its network, managed internally or by third-party vendors.

Endpoint security is the practice of securing those endpoints through a network or cloud-based system, a blog post on McAfee’s website states. Basic endpoint protection platforms (EPPs) function by examining files as they enter the network and detecting threats.

As threat actors become more sophisticated and ransomware attacks continue to plague the healthcare sector, healthcare organizations have an obligation to understand and implement effective endpoint security practices in order to protect patient data and mitigate cyber risks.

Why is endpoint security critical to securing healthcare data?

COVID-19 pushed many employees into remote working situations, naturally increasing the number and variety of endpoints. Remote work has never been the norm in healthcare, but the pandemic forced many non-essential workers to work from home when possible. As a result of the rapid and unexpected shift, healthcare was underprepared from a cybersecurity perspective.

The Cybersecurity and Infrastructure Security Agency (CISA) identified the rapid shift to entirely remote work as one of the biggest cybersecurity threats to the healthcare sector. Most remote workers received minimal cybersecurity training, and operational needs caused organizations to overlook cybersecurity.

In addition, BYOD, or using personal devices in hospitals to improve workflow and productivity, has become more popular in recent years. Despite its benefits, BYOD comes with numerous security concerns that could lead to patient data leakage.

“The major challenges identified were the use of devices with insufficient security controls by hospital staff, lack of control or visibility for the management to maintain security requirements, lack of awareness among hospital staff, lack of direction or guidance for BYOD usage, poor user experience, maintenance of legal requirements, shortage of cybersecurity skills, and loss of devices,” a 2020 study published in JMIR Mhealth and Uhealth explained.

Endpoint security solutions are not a cure-all, but they can help healthcare organizations combat some of the primary security and privacy concerns surrounding BYOD.

Guidance published by HHS’s Office of the Assistant Secretary for Preparedness and Response also identified endpoint security solutions as useful tools in protecting health data.

“Current cyberattacks target endpoints as frequently as networks. Implementing baseline security measures on these assets provides a critical layer of threat management. As the modern workforce becomes increasingly mobile, it is essential for these assets to interface and function securely,” the guide explained.

“The endpoints of which our computing environments largely consist are no longer static devices that exist in the health care organization’s main network. Organizations commonly leverage virtual teams, mobility, and other remote access methods to complete work. In some cases, endpoints rarely make it to the corporate network. It is important to build cybersecurity hygiene practices with these characteristics in mind.”

Endpoint security vs. network security

CISA also identified a “lack of endpoint protection due to overreliance on network security” as one of the top cybersecurity challenges to the healthcare sector in 2020.

Traditional network security measures, including antivirus software and firewalls, are used to find and block threats prior to reaching endpoints connected to an enterprise’s network. However, these safeguards provide limited visibility and cannot account for all end-user device threats and vulnerabilities.

Endpoint security protection offers visibility into all connected endpoints. Network security tools tend to be focused on stopping a specific threat and are installed across the network, while endpoint security tools are installed on the endpoint itself.

“Where, until recently, network security controls commanded the lion’s share of organizations’ security budgets, widespread and growing use of endpoint devices has all but eroded network perimeters, pushing out those boundaries,” analysis from Bloor Research explained.

“Organizations are now looking to take a holistic, end-to-end stance on security to encompass all entry points to the network. By integrating network and endpoint security, organizations are afforded greater visibility over the entire range of security threats that they face, both in real time and for historical analysis.”

Network security is still critical, but “it is no longer sufficient to tie network security controls to physical systems, which are far too static and inflexible for today’s network environment,” the analysis continued.

Creating a security program that is both people- and device-centric can help organizations account for all endpoints and control access from a centralized location.

Endpoint security tools should not be treated as a replacement for network security tools. Both have their advantages and can work together to safeguard organizations against cyber threats while accounting for all end-users and connected devices.

Choosing and implementing an endpoint security solution

There are three primary types of endpoint security tools: endpoint protection platform (EPP), endpoint detection and response (EDR), and extended detection and response (XDR).

An EPP is a basic preventive tool that inspects files as they enter an organization’s network, like traditional antivirus tools. EPPs are good for immediate filtration of malicious files.

EDR goes one step further by continuously monitoring all files and applications and noting irregularities.

“Endpoint detection and response (EDR) technologies bridge the gap between execution and processing that occurs in an organization’s fleet of endpoints. These agent-based technologies allow cybersecurity departments to query large fleets of endpoints for suspicious running processes, file actions, and other irregular activities,” the HHS guidance explained.

In addition, EDR allows organizations to respond to malware intrusions from thousands of devices through a single action, allowing them to mitigate damage. EDR is also useful in providing forensic evidence to complement incident response.
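The fleet-wide query and single-action response described above, as an added example that is not code from the article or any EDR product. It assumes a hypothetical, minimal agent record format (host, process name, path, parent process, signing status) and constructed telemetry from four workstations; the "irregularity" heuristics are illustrative, not a vendor's detection logic.

```python
from collections import defaultdict

# Constructed telemetry in a hypothetical agent format: one record per running
# process reported by an endpoint agent (Windows-style paths).
TELEMETRY = [
    {"host": "ws-01", "proc": "outlook.exe", "path": r"C:\Program Files\Microsoft Office\outlook.exe", "parent": "explorer.exe", "signed": True},
    {"host": "ws-01", "proc": "powershell.exe", "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": "winword.exe", "signed": True},
    {"host": "ws-02", "proc": "outlook.exe", "path": r"C:\Program Files\Microsoft Office\outlook.exe", "parent": "explorer.exe", "signed": True},
    {"host": "ws-02", "proc": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "parent": "services.exe", "signed": True},
    {"host": "ws-03", "proc": "update.exe", "path": r"C:\Users\nurse\AppData\Local\Temp\update.exe", "parent": "winword.exe", "signed": False},
    {"host": "ws-04", "proc": "update.exe", "path": r"C:\Users\admin\AppData\Local\Temp\update.exe", "parent": "explorer.exe", "signed": False},
    {"host": "ws-04", "proc": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "parent": "services.exe", "signed": True},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def is_suspicious(rec):
    """Illustrative irregularities: an unsigned binary executing from a temp
    directory, or an Office application spawning a command shell."""
    unsigned_temp = not rec["signed"] and "\\Temp\\" in rec["path"]
    office_to_shell = rec["parent"] in OFFICE_APPS and rec["proc"] in SHELLS
    return unsigned_temp or office_to_shell

def query_fleet(records, predicate):
    """Ask every endpoint the same question; return the affected hosts."""
    return {r["host"] for r in records if predicate(r)}

def prevalence(records):
    """Map each process name to the set of hosts running it."""
    seen = defaultdict(set)
    for r in records:
        seen[r["proc"]].add(r["host"])
    return seen

def rare_processes(records, max_hosts=1):
    """Processes seen on very few hosts: low fleet prevalence is a triage signal."""
    total = len({r["host"] for r in records})
    return sorted(p for p, hosts in prevalence(records).items()
                  if len(hosts) <= max_hosts and len(hosts) < total)

def plan_response(hosts, action="isolate"):
    """One response action fanned out to every affected host at once."""
    return [{"host": h, "action": action} for h in sorted(hosts)]

if __name__ == "__main__":
    hits = query_fleet(TELEMETRY, is_suspicious)
    print("suspicious hosts:", sorted(hits), "rare:", rare_processes(TELEMETRY))
    print("response plan:", plan_response(hits))
```

The records themselves double as the forensic trail the article mentions: the parent process and path of each hit are preserved for incident response after the fleet-wide action is taken.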

XDR builds upon both EPPs and EDR to optimize security performance and provide increased threat visibility.

“XDR’s combination of threat intelligence, automation and machine learning helps companies optimize SOC performance and strengthen their ability to find and address the worst of the worst threat actors,” a Mandiant post explained.

XDR tools integrate into an organization’s security architecture and automate responses, ensuring that no incident goes unnoticed.

All the endpoint security tool types are attempting to defend against cyber threats that may emerge via network-connected devices. Using any of these tools in conjunction with network security tools, a comprehensive incident response plan, and an employee cyber education program can effectively mitigate risk.

As the number of endpoints increases, healthcare organizations should act accordingly by recognizing potential risks and investing in tools that will protect against cyberattacks.