Dr. Junaid Nabi is a physician-scientist specialising in healthcare strategy. He is a Senior Fellow at The Aspen Institute and is currently examining the relationship between healthcare technology and national security policy at the Pardee RAND School. He discusses the evolving cybersecurity threats in healthcare, from ransomware attacks to vulnerabilities in medical devices, and offers strategies to enhance security as healthcare systems embrace digital transformation globally.
How would you assess the cybersecurity landscape within the healthcare sector globally? What are the primary cyber threats that healthcare providers face today?
The global cybersecurity landscape in the healthcare sector is becoming increasingly complex and vulnerable. Rapid digitalization and the quick adoption of digital technologies in healthcare have expanded the “attack surface” — making it difficult to secure sensitive patient data and critical healthcare infrastructure. Healthcare providers and health systems face significant threats from data breaches—many of which can compromise patient confidentiality and disrupt healthcare services. Ransomware attacks are particularly prevalent nowadays, causing significant disruptions to healthcare operations and putting patient lives at risk. The increasing use of Internet of Medical Things devices introduces new vulnerabilities—as these devices often lack robust security measures. Healthcare supply chains are also at an increased risk, with attacks on third-party vendors potentially leading to broader security breaches.
The evolving cybersecurity landscape within the healthcare sector will be one of the key focuses of the Global Cybersecurity Forum (GCF) Annual Meeting, at which I will be speaking on 2-3 October in Riyadh, Saudi Arabia. As healthcare delivery operations further integrate with cyberspace, the need to address risks and build resilience is more pressing than ever—and the GCF Annual Meeting 2024 will provide an important platform to discuss evidence-based strategies that global decision-makers and experts can pursue towards greater cybersecurity.
What are the key cybersecurity challenges unique to healthcare providers, particularly given the reliance on electronic health records (EHRs) and other digital systems?
To reiterate, healthcare providers face distinct cybersecurity challenges unique to their sector, mainly because they depend on electronic health records (EHRs) and other digital systems to deliver patient care. The first challenge is data protection — the sensitive nature of patient data stored in EHRs makes healthcare providers a prime target for data breaches. It is mission-critical to ensure the confidentiality, integrity, and availability of these data. Additionally, healthcare providers must comply with strict regulations, such as HIPAA in the United States, which require strong cybersecurity measures to protect patient data and can lead to legal issues when not complied with. The need for interoperability between different healthcare systems and devices can create additional security challenges, as it increases the potential attack surface.
How can healthcare providers better protect their medical devices, which are becoming a key target for hackers?
All cybersecurity protections start with the human in the system. Healthcare providers can enhance the protection of their medical devices from cyber threats by implementing available digital strategies that provide safety. They can begin with ‘device segmentation’ – which involves separating medical devices into distinct networks to limit the potential spread of malware and unauthorized access. It is also necessary that all medical devices are regularly updated with the latest security patches and firmware updates to address known vulnerabilities. Implementing strict access controls, including multi-factor authentication and role-based access, is crucial to limit access to medical devices. Furthermore, participating in training on cybersecurity best practices and the importance of securing medical devices is essential.
How can healthcare providers in the Middle East strengthen their defenses against ransomware attacks and data breaches, which seem to be on the rise?
I believe there is a need to examine and research the specific reasons why ransomware attacks and data breaches seem to be on the rise in the Middle East. However, a few strategies that can help include leveraging regional cybersecurity initiatives by participating in Middle East-specific information sharing networks and collaborative platforms to stay informed about regional threats and share best practices tailored to the area’s unique challenges, and implementing culturally aware training programs to develop cybersecurity awareness that considers local cultural nuances and communication styles to ensure better adoption of security practices among staff. Policymakers can also utilize AI-powered threat detection systems that can quickly identify potential security breaches. IT teams can collaborate with local tech innovation hubs and partner with the region’s growing technology innovation centers to develop and implement cutting-edge cybersecurity solutions tailored to local healthcare needs.
What strategies are most effective in addressing the increasing number of cyberattacks targeting sensitive patient data and healthcare infrastructure?
To effectively address the increasing cyberattacks targeting patient data and healthcare infrastructure, it is essential to implement strong authentication measures across all information systems. As healthcare increasingly relies on connected devices, securing the ‘Internet of Medical Things’ and operational technology is urgent. Adopting a “Zero Trust” architecture, which verifies every user and device attempting to access the network, can significantly minimize the impact of potential breaches. Conducting frequent security audits to identify vulnerabilities and updating security measures is necessary. Healthcare providers and staff that interact with the information systems should regularly be educated about—and routinely tested on—cybersecurity best practices to prevent phishing and other social engineering attacks.
How should governments in the Middle East work with healthcare providers to ensure robust cybersecurity frameworks are in place?
Governments in the Middle East should collaborate closely with healthcare leaders to establish robust cybersecurity frameworks. This can be achieved by promoting public-private partnerships similar to those seen in the U.S. between the Department of Health and Human Services and the Healthcare Sector Coordinating Council Cybersecurity Working Group. These alliances can foster the development and dissemination of tailored cybersecurity guidelines and best practices—such as the Healthcare Industry Cybersecurity Practices and the NIST Cybersecurity Framework Implementation Guide. Policymakers in government agencies can also provide financial incentives and resources to support under-resourced healthcare providers in enhancing their cybersecurity capabilities.
Cyberspace cuts across all sectors—a multistakeholder approach that brings together government, the private sector, civil society, and academia is necessary to build cyber resilience in healthcare. It’s great to see platforms like the Global Cybersecurity Forum bringing together stakeholders from every sector internationally to discuss ways to build resilience in a fast-evolving cyber landscape.
What strategies can healthcare systems in the Middle East adopt to mitigate risks associated with the supply chain, such as cyber threats targeting suppliers or contractors?
To reduce supply chain risks, healthcare systems in the Middle East can implement a multi-pronged strategy. Firstly, they can conduct thorough vendor risk assessments and establish robust contractual agreements to identify and mitigate potential threats. Secondly, regular security audits and vulnerability testing can help ensure compliance and reduce third-party vulnerabilities. Lastly, healthcare organizations should limit vendors’ access to critical assets, employ a “zero-trust” model, and segment their networks to protect sensitive data. Encrypting supply chain data can also help minimize the impact of a security breach.
How is the use of AI in healthcare influencing cybersecurity risks? Are there specific vulnerabilities healthcare providers should be aware of as they increasingly rely on AI-driven systems?
The growing use of AI in healthcare is bringing about new cybersecurity risks that providers must pay attention to. While AI can transform healthcare delivery and enhance patient outcomes, it can also increase the attack surface for cybercriminals. AI systems depend on vast amounts of sensitive patient data—making them attractive targets for data breaches. As healthcare systems increasingly integrate AI-driven strategies, they must be vigilant about the specific vulnerabilities these technologies introduce. These include ensuring the security of the data used to train AI models, implementing potent admission controls, and regularly auditing AI systems for potential weaknesses. Providers should also be prepared to respond promptly to any AI-related security incidents, as the consequences of a breach or malfunction could be catastrophic in a healthcare setting.
What role can AI and machine learning play in improving the cybersecurity posture of healthcare providers in the Middle East?
Artificial intelligence and machine learning can play an integral role in enhancing the cybersecurity posture of healthcare providers in the Middle East. By leveraging AI and ML technologies, healthcare organizations can proactively detect, and respond to, cyber threats in real time. AI-powered threat detection systems can analyze vast amounts of data to identify anomalies and potential security breaches—enabling healthcare providers to take swift action to mitigate risks. Machine learning algorithms can continuously learn and adapt to new threats, providing a robust defense against evolving cyberattacks. These technologies can also help automate security processes—reducing the burden on human analysts and allowing them to focus on high-priority tasks.
With the growing adoption of telemedicine and remote care technologies, what additional cybersecurity threats are emerging, and how can healthcare providers mitigate these risks?
Telemedicine and remote care technologies pose additional cybersecurity threats, including a greater risk of data breaches, phishing attacks (especially from emails), and ransomware. Using digital communication channels and electronic health records increases the chance of unauthorized access to sensitive patient information. To reduce these risks, healthcare providers should implement multi-factor authentication, encrypt data at rest and in transit, and regularly conduct security screenings. It’s also prudent to ensure frontline staff’s compliance with local and regional regulations to protect patient data and maintain trust in telemedicine services.
What steps should be taken to ensure that healthcare data remains secure while still being available for critical medical research and treatment advancements?
To ensure the security of healthcare data while promoting meaningful advances in clinical research and disease management, healthcare organizations should implement strong data encryption and entry rules for those with access to information systems. They can also utilize advanced technologies like blockchain for secure data sharing. Anonymization and de-identification techniques should protect patient privacy while allowing valuable insights to be extracted. Collaboration among healthcare providers, researchers, and cybersecurity experts is essential to develop standardized protocols for secure data sharing.
What are the best practices for building cyber resilience in healthcare systems to ensure they can withstand and recover from cyberattacks?
To build cyber resilience in healthcare systems, policymakers and leaders who design implementation frameworks can invest in creating enterprise-wide data governance platforms. These platforms can simplify complex systems, reduce vulnerabilities, and enhance cybersecurity controls. Tailoring available cybersecurity practices to the healthcare sector’s unique needs can help mitigate specific threats. Strengthening third-party security by ensuring vendors adhere to robust cybersecurity standards is essential to prevent supply chain attacks. Additionally, it would be wise to develop continuous monitoring and incident response systems that can regularly assess and update cybersecurity measures—and create robust incident response plans, which are vital for quick recovery from cyberattacks.
What emerging cyber threats do you foresee as the biggest challenge for healthcare providers in the next five years?
As a healthcare and national security policy analyst, I believe emerging cyber threats can pose significant challenges for healthcare providers in the next five years. My main concerns stem from the increasing sophistication of ransomware attacks, which often disrupt critical care services and compromise patient safety. The growing reliance on the Internet of Medical Things devices also expands the attack surface, making healthcare organizations more vulnerable to data breaches and cyber-physical attacks. The shortage of cybersecurity professionals and limited budgets in the healthcare sector exacerbate these challenges, making it difficult for organizations to implement robust cybersecurity measures. Similarly, the rise of social engineering attacks—such as phishing and spear-phishing—targeting healthcare staff can lead to unauthorized access to sensitive patient data.
How should healthcare providers in the Middle East prepare for the future of healthcare cybersecurity, especially in light of evolving global threats and the rise of digital health initiatives?
Healthcare providers in the Middle East must prioritize cybersecurity as they adopt digital health initiatives. This involves implementing advanced security measures such as “Zero Trust” architectures, “Just-in-Time Access”, and the “Principle of Least Privilege” to minimize attack surfaces. Leveraging advanced technologies, complying with regulations, and promoting a culture of security awareness can also be done. To reduce human error and insider threats, investing in security awareness education for employees is essential. Also, collaborating with cybersecurity firms and government agencies to share threat intelligence and best practices is crucial. Developing local cybersecurity talent through instruction and apprenticeship initiatives is indispensable to fulfilling the increasing demand for skilled professionals. By taking a proactive, multi-step strategy for cybersecurity, healthcare providers in the Middle East can safeguard sensitive data, ensure operational continuity, and establish trust in the digital age.