Healthcare Practices Cyber Incident Response Less Than Most Sectors

March 10, 2022 - Although cyberattacks and data breaches have bombarded the healthcare sector in recent years, recent research from Immersive Labs found that healthcare conducts cyber incident response exercises far less than other industries.

Immersive Labs analyzed 35,000 members of the cybersecurity workforce from a variety of industries and found that the healthcare sector conducted only two cyber crisis exercises per year on average. The technology and financial services sectors conducted nine and seven crisis exercises per year on average, respectively.

It makes sense that highly targeted industries like technology and finance would prepare accordingly. But healthcare is an equally high-profile and highly regulated cyberattack target, making the lack of crisis response exercises troubling.

“The modern cyber crisis is an all-encompassing organizational trauma. Stopping incidents bringing operations to a halt and destroying reputation, corporate value and stakeholder relationships requires a holistic response from the entire workforce,” the report stated.

“Achieving this kind of resilience requires a continually maturing responsive capability for technical and non-technical teams, developed by exercising with a cadence that traditional tabletop exercises struggle to achieve.”

An analysis of the content and effectiveness of these cyber crisis response exercises also saw healthcare lagging other industries. The average performance score, which the report defined as an “amalgamation of the quality of all decisions made throughout the entire simulation,” was 68 percent.

Healthcare was the worst-performing sector, at just 18 percent, compared to 85 percent for the manufacturing industry.

The report also found that it took 96 days on average for cybersecurity team members to develop the knowledge and skills needed to defend against breaking threats.

“A long lag in human capabilities contrasts significantly with the widely accepted need for swift technical remediation,” Immersive Labs noted.

The only exception was Log4j. The report suggested that cybersecurity teams developed human cyber defense capabilities within two days on average. But the quick response to Log4j may have lasting impacts on the cybersecurity workforce, a recent report from (ISC)² suggested.

Log4j put additional strain on the already overburdened cybersecurity workforce, many of whom reportedly spent weeks or months remediating the vulnerabilities. Nearly half of survey respondents said their team sacrificed holidays and vacations to deal with remediation.  

These reports suggest that the ongoing shortage of cybersecurity workers may partially explain the gaps in healthcare cybersecurity. In previous research, (ISC)² found that the global cybersecurity workforce must grow by 65 percent to defend critical assets and data effectively.

The Immersive Labs report exemplified the adverse effects of having a short-staffed and overworked cybersecurity team. For healthcare, patient safety and privacy are on the line, making it even more crucial to expand the workforce.

“The workforce cyber challenge facing large organizations is complex and demanding. A continual barrage of fast-moving threats—each executing in a multitude of phases and targeting different parts of the organization—stretch capabilities to the limit,” the Immersive Labs report noted.

Healthcare organizations can combat these shortcomings by investing in further training exercises for their workforces and fostering a culture of cybersecurity. In addition, automated security technologies may help cybersecurity teams make up for the workforce gap.

A report by The Economist Intelligence Unit sponsored by law firm Pillsbury Winthrop Shaw Pittman LLP suggested that artificial intelligence-driven security technologies may be able to help healthcare organizations streamline threat detection efforts, mitigate human error, and ensure compliance.

AI works 24 hours per day, 7 days per week. Constant monitoring means that it can process large quantities of data and detect threats quickly.

“In integrating AI technologies with cybersecurity programs and systems, businesses across sectors have an invaluable opportunity to address one of the most complicated and potentially damaging risk factors organizations face today,” the report stated.

However, it is also crucial to recognize that while AI and automated tech can do many things, humans are still essential to cybersecurity. Practicing cyber incident response plans and staying on top of threat detection efforts are crucial steps in fostering healthcare cybersecurity.