SD WAN & Cybersecurity in Healthcare

The healthcare industry is a data-rich sector with research estimating around 30% of the global volume of data is generated by the sector. The need for digital healthcare has accelerated because of the Covid-19 pandemic, with digital systems such as telehealth/telemedicine augmenting face-to-face appointments.

The digital healthcare tech stack covers the entire industry from the back to the front office as well as patient care delivery. This surge in data and connectivity, alongside healthcare’s embracement of emerging technologies, has created a perfect cybersecurity storm. In the U.S., the number of data security breaches in healthcare has tripled in the three years from 2018-2021 with 45 million patient records breached last year. In the UK, 2020-2021 was a bumper year for data breaches with 8,815 recorded by the UK’s Information Commissioner's Office (ICO). Most of these breaches were in the education and the health sector.

IT decision-makers need to make important choices about which cybersecurity solutions are needed to close off vulnerabilities across the connected health networks. Ensuring that this decision is the right one needs to balance a budget with essential capability. SD-WAN and cybersecurity are converging. Creating a symbiotic cybersecurity-SD-WAN ecosystem is an essential part of the role of IT and security professionals in the healthcare sector.

The unhealthy nature of cybersecurity in the healthcare sector

Cyber-attacks on the healthcare sector can literally be a life-or-death issue. According to Natali Tshuva, CEO of IoT security company Sternum, during the Covid-19 pandemic, patients’ medical devices became targets for hackers as patients increasingly turned to remote care to avoid infection. IoMT and other connected medical devices, including pacemakers, insulin pumps, and other critical systems, are targets for hackers. A survey on connected device cyber-attacks by Irdeto found that 82% of healthcare organizations had experienced an IoT-focused cyber-attack in 2020.

In terms of data breaches and other cybersecurity attacks, healthcare is one of the most targeted sectors. The “2021 HIMSS Healthcare Cybersecurity Survey Report”, found that “significant cybersecurity events are the norm”. This worrying statement is backed by evidence such as the prevalence of phishing and spear-phishing in the sector, with 57% of respondents saying that significant attacks (such as ransomware) originated with phishing. Ransomware is a major issue in the sector, with around one-third of healthcare organizations suffering from a ransomware attack in 2020-2021 according to a Sophos report.

The Verizon 2021 Data Breach Investigation Report (DBIR), presents the top patterns of attack in the sector:

• Miscellaneous Errors
• Basic Web Application Attacks
• System Intrusion

Together these represent 86% of breaches.

Regulations within the healthcare sector are some of the most stringent and overarching. In the U.S. the Health Insurance Portability and Accountability Act (HIPAA) has been in force since 1996 and has far-reaching cybersecurity and privacy implications. In the UK, The Data Security and Protection (DSP) Toolkit sets standards on data protection in the sector.

The healthcare sector needs innovative technology to help deliver exceptional patient care. This technology increasingly relies on robust connectivity. This use of technology and a critical need for reliable connectivity across disparate networks is a baseline requirement in the sector. SD-WAN provides the sector with this resilience and reliability in a complicated network and device ecosystem. However, SD-WAN must be shored up by powerful cybersecurity solutions. Implementing a Secure SD-WAN requires an understanding of the parts that make up the whole.

How to select the best Healthcare cybersecurity solutions to work with your SD-WAN

Cybersecurity resilience is vitally important in a sector that relies on data and connectivity to keep people healthy and safe. Keeping the wheels of data moving, and medical devices safe requires the right type of cybersecurity solutions that can be deeply integrated into an SD-WAN environment. A report from Infosys sums up the importance of cybersecurity in the healthcare sector:

“...cybersecurity needs to be the highest priority. Healthcare providers need to find the right program for investment - embracing one that will align with their goals and strategy”.

Three basic pillars that inform cybersecurity solution choice in a Secure SD-WAN environment are:

• Design: SD-WAN solutions must use a multi-breakout network with security baked into the design - augmented by cybersecurity solutions.
• Integration: SD-WAN must use cybersecurity solutions, deeply integrated into the stack, to provide an ecosystem model of threat prevention.
• Compliance: This ecosystem approach must have at its core, adherence to the stringent regulations that govern the financial services sector.

Building in cybersecurity resilience: the whole is greater than the sum of the parts

SD-WAN, augmented with the right type of cybersecurity solutions, is a case of the whole being greater than the sum of the parts.

The healthcare sector must have this combination of reliable connectivity across disparate devices and locations shored up by robust security. The types of devices in healthcare, are arguably the most diverse array of any sector. Devices such as wearables, diabetic apps, cardiac monitors, etc., add complexity to the digitization of the sector.

The pillars of this challenge, that ensure SD-WAN and cybersecurity solutions work in unison are:

• Augmentation of SD-WAN and security requires deep, design-driven, integration.
• The network stack and security stack must converge seamlessly to build the optimal solution.
• Centralized management and configuration of security solutions is crucial.
• Digitization of healthcare services requires a deeply integrated security stack based on zero trust security
• Identity and access management based on the principle of least privilege is critical for the protection of health and personal data.

Zero trust security is supported by NIST (National Institute of Standards and Technology) who have developed a framework outlining a Zero Trust Architecture (ZTA) in their publication, NIST SP 800-207 ZTA (Zero Trust Architecture). A quote from the publication captures zero trust:

“Remote enterprise subjects and assets cannot fully trust their local network connection. Remote subjects should assume that the local (i.e., non-enterprise-owned) network is hostile. Assets should assume that all traffic is being monitored and potentially modified.“

The principle of zero trust is to always verify people, devices, systems, and networks before allowing access. The widely distributed and complex network of a modern healthcare organization is ideal for the segmentation inherent in a ZTA.

Healthcare has had more than its fair share of cyber-attacks. Without a zero trust approach to security, the sector is open to attacks such as the ransomware attack on Ireland's Health Service Executive (HSE) in 2021. The attack was highly destructive, affecting diagnostic systems, etc. Many clinics and hospitals had to cancel up to 80% of their appointments in the days after the attack. The attackers were a ransomware gang who typically use phishing as an entry point into a network.

To meet the exacting cybersecurity requirements of digital healthcare systems and services, SD-WAN must be designed from the ground up to work by the principles of zero trust security. This is achieved through informed choices of effective cybersecurity solutions that deeply integrate into an SD-WAN architecture.

What are the parts of a secure SD-WAN for healthcare?

Zero Trust Network Access (ZTNA) and Privileged Access Management (PAM).

Healthcare uses a variety of cloud-based models and edge and endpoint devices to provide the best patient care. The digital transformation of healthcare requires the safe sharing of data across a web of medical devices. ZTNA is ideal for the hybrid mix of networks and devices used in a modern healthcare setting. Zero trust architectures are designed to enforce the principles of always verify, never trust. ZTNA creates a protected, segmented, infrastructure that enforces access rules at a highly granular level so that people, devices, and locations can be checked before granting access. ZTNA provides monitoring and access controls based on zero trust principles across the network, no matter where or what device is used for access.

ZTNA can enforce encryption and dynamic access controls whenever health or personal data is transmitted, stored, and used.

Working as a deeply integrated architecture along with an SD-WAN, ZTNA defines the perimeter, expanding as new devices are added or as access to resources changes, no matter where that event occurs.

Privileged Access Management (PAM) defines the rules of engagement of access to health resources, including apps, network segments, and data. The principle of ‘least privilege’ is a fundamental of zero trust, ensuring only those who do need access, receive access.

SD-WAN integrated with PAM and ZTNA helps to meet regulations and standards that are built around protecting health information and personal data. This includes the security and privacy rules within HIPAA and the UK’s Data Security and Protection Toolkit (DSP).

Visibility, monitoring, policy enforcement

Visibility across the myriad types of medical devices, hybrid cloud environments, and remote locations and workers is a challenge in the sector: as such, healthcare networks are less of an ecosystem and more of a multiverse. The healthcare network is a smart network bolstered by security. But to create secure connections and protect data you must have visibility.

Visibility, monitoring, and policy enforcement, within this type of complex network, is a security challenge and a cybercriminal’s dream.

Firewall-as-a-Service (FWaaS) must be integrated into an SD-WAN to provide highly granular firewall functionality across every SD-WAN appliance; this gives each healthcare setting, device, remote office, and associated business entity, an intrinsic firewall.

Further cybersecurity solution integration should include a Cloud Access Security Broker (CASB) to provide the orchestration, visibility, and policy facilitation between devices and the cloud; all devices, including IoMT devices and other internet-enabled medical systems, can be made visible using a CASB, even if this cloud is a multi-cloud environment.

A Secure Web Gateway (SWG) solution is then used to control web access via a remote device.

All of these solutions work in harmony to ensure that network devices are visible and that the security policies of the devices are enforced.

Endpoint Protection for Healthcare

Endpoints are often the entry point for cyber-attacks; the vast numbers and types of endpoints within a typical healthcare organization present a unique challenge to the sector. As the number of endpoints increases, so does the attack surface potential: Six years ago, a Ponemon study into endpoint security found that 60% of organizations had difficulty in managing the risk from endpoints. Six years on, the situation has worsened. The same Ponemon report from 2020 found that 68% of respondents had seen increases in the frequency of attacks. This included one or more successful endpoint attacks over the previous two years.

A SIEM (security information and event management) platform provides event logging and analysis that covers the entire expanded network. A SIEM, however, generates security event alerts to a degree that can be overwhelming, especially in complex, expanded environments such as those in the healthcare sector.

SIEM can be enhanced and extended using an XDR (Extended Detection and Response) solution. XDR fills the endpoint gaps across the scattered and vast array of endpoint devices in a modern healthcare setting. XDR is designed to collate data and alerts from products such as SIEM and generate a single ‘pane-of-glass’ view. XDR uses smart data analytics via ML (machine learning) to analyze network data, checking for anomalies, patterns, and trends that signal a potential cyber threat or attack. The mix of an XDR with a SIEM capability helps to meet compliance and focus on threats.

Healthcare CISOs and CSOs are struggling to find IT and security talent like every other industry. A MDR (Managed Detection and Response) can be used to augment XDR, providing enhanced monitoring, threat hunting, and response capabilities, delivered as-a-Service by security specialists connected to a SOC (Security Operations Center). These specialists use the output from the MDR for cybersecurity analysis and to inform an effective response.

The whole: security stack meets the network stack in the form of a Secure SD-WAN for healthcare

Integrating the most appropriate security capability into an SD-WAN will help to meet the security challenges of a digitized healthcare organization. A Secure SD-WAN can make sure that healthcare organizations are reliably connected, compliant, and secure.

The healthcare sector is one of the most regulated, with laws and standards designed to secure protected health information (PHI) and personal data. Cybersecurity regulations are an important way to demonstrate to patients that your organization takes their data safety and privacy seriously.

Cybersecurity regulations and standards that benefit from a Secure SW-WAN include:

• EU, NIS 2 Directive (Network and Information Security (NIS) Directive): EU-wide framework for cybersecurity best practices, including in healthcare.
• UK, DSPT (Data Security and Protection Toolkit) standard 20-21.
• U.S., HIPAA (Health Insurance Portability and Accountability Act).

A ‘Secure SD-WAN’, ticks many of the compliance boxes around data protection, supply chain security, endpoint protection, access control, and cyber-resilience. An SD-WAN that is augmented with zero trust technologies, future-proofs healthcare against changes in regulations and security threats.

Use cases for secure SD-WAN in healthcare

Protect critical medical devices

Zero trust uses the concept of segmentation to isolate parts of an expanded network, improving resilience. An SD-WAN provides the framework for a zero trust network that can then be secured against cyber-attacks using cybersecurity solutions such as ZTNA and PAM. A segmented network makes the securing of IoT devices more effective. A secure IoMT ecosystem means a healthcare organization can ensure security for critical medical devices.

Protect patient data and comply with regulations

Healthcare organizations must comply with strict regulations that require patient data to be protected. However, a modern digitized healthcare setting generates, shares, and stores vast amounts of patient data. Squaring this round requires an SD-WAN that is configured to allow the smooth flow of data, whilst ensuring that the principle of least privilege access is used, and zero trust access control is applied. Adding an integrated WFaaS ensures that all devices connecting to the network, and sharing data across the expanded SD-WAN environment, are protected against external cyber-attacks.

Future-proof healthcare

A Secure SD-WAN provides the tools to future-proof the delivery of telemedicine. The Covid-19 pandemic put the sector under enormous strain. Telemedicine came to the rescue, allowing patients to keep appointments by using technologies such as video conferencing. A Secure SD-WAN provides the agility to further expand the healthcare network, ensure multi-cloud connectivity, and support applications to operate at high-speed, and that are secured and privacy-respectful.

Future-proofing the SD-WAN

Healthcare has major challenges because of the distributed nature of its network and the diverse range of medical (and non-medical) devices within its tech real-estate. SD-WAN is a critical part of delivering efficient, robust, and reliable connectivity across distributed healthcare networks. However, secure solutions that deeply integrate into the SD-WAN provide a whole new dimension of control, security, and privacy. The healthcare industry is a target because it is data-rich. By providing a secure SD-WAN backbone, the sector can ensure the health and cyber-safety of its patients.