Interview: Cybersecurity needs a health check
Rick Jones, CEO and Co-Founder of DigitalXRAID, discusses cybersecurity and its importance in the healthcare sector, with Megan Gaen
You are the CEO and Co-Founder of DigitalXRAID. For those who may not know, what does the company do?
DigitalXRAID is a full-service cybersecurity consultancy that prides itself on meeting corporate organisations where they are and supporting them in improving their overall security posture.
Our services cover all three pillars of cybersecurity – offensive, defensive, and compliance – and our primary offering is a technology-agnostic, CREST-accredited security operations centre (SOC). A SOC consists of a dedicated team of analysts who monitor customers’ networks, systems and applications 24/7/365, bringing the best software and threat intelligence to respond to security events in real time.
Why did you want to set up the company?
Working in security, I’ve always believed that being part of a connected world shouldn’t come with a high risk that could cost a business its reputation or customers.
Cybercriminals are increasingly entering systems and hiding out in search of the most lucrative data or attack opportunity – particularly in critical industries such as healthcare and financial services. We provide a background level of extended detection and response to help businesses understand and continually reduce risk within their security controls. When a bad actor does manage to get through, I’m proud to say our SOC team can neutralise an attack in just six minutes.
Supply chain attacks unfortunately occur across all industries. Why is the healthcare industry particularly vulnerable to these attacks?
There are a few reasons why the healthcare industry should be particularly vigilant to supply chain attacks. Firstly, healthcare providers are often time- and resource-poor, leading to outsourced processes, from HR and payroll services to cleaning companies. Similarly, the large amount of operational technology (OT) needed for diagnostics – alongside a network of pharmaceutical suppliers, academic institutions and software vendors – results in a wide-ranging supplier ecosystem that dramatically expands the attack surface for bad actors looking to disrupt operations or steal sensitive data.
OT equipment presents even more risk, as these machines tend to have a long lifespan that means they may not support newer operating systems. This makes software updates far more difficult or even impossible to implement, opening the door to software supply chain attacks.
Technology research firm Gartner estimates that by 2025, 45% of organisations will have experienced an attack on their software supply chains. Supply chain breaches are a lucrative tactic for cybercriminals, who can gain a foothold into multiple organisations by using a supplier, partner, or software provider as a vector. The large and growing supply chain in healthcare offers bad actors a direct line to impact critical national infrastructure and steal highly sensitive information – it is a no-brainer.
In 2017, the WannaCry ransomware attack infected over 1,200 pieces of diagnostics equipment through unpatched Windows computers, and when criminals breached clinical patient management software provider Advanced in 2022, the NHS suffered weeks of disruption to its dedicated 111 service.
Did you feel an extra layer of responsibility to work with healthcare providers to protect their clients’ data due to the personal nature of it?
Yes, every organisation should be able to operate with some peace of mind in today’s threat landscape, and security teams often need support to handle the relentless onslaught of attacks and security notifications.
The data in healthcare is highly personal, but the real threat that motivates me is that of suspended or delayed medical services, and the impacts that can have on people’s lives. Healthcare is part of our critical national infrastructure for a reason, and bad actors looking to cause maximum disruption or impact the quality of life and institutional trust of our citizens are well aware of the value of hitting a healthcare provider. This makes it imperative that the security industry as a whole is invested in supporting the sector so it can continue to deliver lifesaving services.
What are the dangers of hackers stealing patients’ data?
Stolen data is commonly sold on the dark web as an asset for other bad actors to use in informing and facilitating further attacks. Patient medical data is not just highly sensitive on a personal level; it can be used to create targeted social engineering campaigns based on the health conditions or medical history of a victim. This can be used to trick patients into sharing more personal information via spoofed log-in pages, or it can be a vehicle for malware that can infect their personal or professional accounts.
Even worse, this data can be used in sophisticated ransomware campaigns. In these cases, hackers commonly extort the healthcare organisation by withholding vital patient data, but they can increase their pressure on victims through double extortion tactics. In these scenarios, hackers exfiltrate data sets and threaten to sell them on the dark web or leak them unless they receive money. In recent years, this has even given way to the more sinister triple extortion attempt. After the initial ransomware incident, bad actors will approach affected patients directly with threats to leak their data unless they themselves pay a smaller, but still costly, ransom. Put simply, patient data is very sensitive and should never be in the hands of criminals.
How can healthcare providers protect themselves and their clients from these attacks?
It’s crucial to vet your suppliers meticulously and follow architectural best practices. A proactive approach to third-party risks is your best bet for dodging this bullet.
• Supplier vetting: never take your suppliers at face value. Conduct comprehensive risk assessments, and don’t shy away from asking hard questions about their cybersecurity measures. Making sure that suppliers comply with standards such as ISO 27001 can provide assurance that they also adhere to data and security best practices
• Architectural best practices: design your network architecture to minimise risk. Isolate critical systems, implement strong authentication protocols, and keep up to date with patch management
• Third-party risk management: a well-defined third-party risk management plan can be a lifesaver. Continuously evaluate and monitor the security postures of your partners. If they aren’t up to par, it’s time to consider if they’re worth the risk.
What are your hopes for the future of cybersecurity in the healthcare industry?
My hope is that healthcare organisations better understand the security risks they face in 2024 and the future, and that they receive the necessary support and funding to achieve a more secure posture. Our job as cybersecurity providers is not just to manage security risk, but to leave our customers better educated, more secure and less exposed to cyberattacks.