A Look at the Healthcare Cybersecurity Landscape

| By Seth Johnson, Industry Consultant, Healthcare

It can take three to four weeks to reboot major IT systems and get a hospital running again after a cyberattack. Are you prepared?

A Look at the Healthcare Cybersecurity Landscape

TAGS: Healthcare, Security

As a former healthcare administrator, I spent many years running various areas of hospitals, including as a privacy and security officer. Through this experience, I saw firsthand that healthcare is a target-rich environment for cybersecurity attacks, with multiple attack points for bad actors. Often, print was overlooked in security defenses. 

Recent incidents show it can take three to four weeks to reboot major IT systems and get a hospital running again after a cyberattack. Many healthcare organizations are unprepared for such a significant length of downtime, which cascades into disruptions for patients. Sometimes, these consequences can be life threatening, although they can also range from facility transfers to delayed procedures. This can incur extra expenses for healthcare organizations, as the average hourly cost of downtime is between $320,000 and $540,000, depending on the industry.  

Last year, 40 million people were impacted by healthcare data breaches. While the healthcare landscape is incredibly complex, with much to juggle from a privacy and security standpoint, CISOs and privacy officers need to create a plan to protect patient data against cyberattacks. Even an attack through a printer can have significant consequences for healthcare organizations and their patients.  

Unexpected Vulnerabilities in Healthcare Organizations

In January 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) conducted a two-week Risk and Vulnerability Assessment (RVA) for a healthcare organization, aiming to identify cybersecurity vulnerabilities. The CISA team revealed that no significant vulnerabilities were found externally or through phishing attempts, and the organization's databases and wireless systems were secure.  

However, CISA's web application testing uncovered default credentials for multiple interfaces, and penetration testing exploited weak passwords, leading to the compromise of the organization's domain through several attack paths. 

In one attack path, the team used a printer configured to allow default password logins as the first link in a chain used to retrieve Active Directory domain credentials. These credentials were then used to exploit misconfigurations in Active Directory Certificate Services to request a certificate for a domain administrator account, ultimately compromising the domain.  

These findings underscore the need for organizations to address default credentials, rectify service misconfigurations, and continually enhance cybersecurity measures to thwart potential threats and safeguard sensitive information.  

Make a Plan for Managed Print Services

With the stress of the pandemic on the healthcare industry, the progression of many business functions was put on hold. However, transitioning to managed print services should resurface to the top the priority list, as it can help ensure patient privacy and relieve hospitals of print management hassles so they can spend more time focusing on patient care and less time worrying about bad actors.  

Network printers have multiple extensions, but we run into issues if there aren't any barriers or guards. With managed print services, healthcare organizations and beyond can better secure their technology and predict when there may be a vulnerability. Lexmark offers robust options for managing a fleet of printers, with management tools that allow control access to their printers, track and monitor printer usage, and enforce security policies across their printer fleet. Alongside standard security features, Lexmark provides ongoing security updates and patches to help businesses stay ahead of emerging threats and vulnerabilities, so hospitals don't have to.  

To learn more about how Lexmark's managed print offerings can help your healthcare organization, please visit the Lexmark Healthcare Page here.