Joseph Funaro
The healthcare cyber crisis: Why zero-trust and portless connectivity are no longer optional
December 23, 2024
By Joseph Funaro
The healthcare industry is under siege. According to the July 2023 Healthcare Data Breach Report in the HIPAA Journal “There was a 261% month-over-month increase in breached records in July, with 18,116,982 records breached across the 56 reported incidents”. The frequency and sophistication of cyberattacks targeting healthcare organizations have surged in recent years, leaving no institution immune.
Ransomware, data breaches, and other cyber threats are capitalizing on poorly managed solutions and outdated, legacy approaches to cybersecurity. While healthcare organizations scramble to adopt advanced technologies like artificial intelligence (AI) for diagnostics and operational efficiencies, they risk overlooking a critical foundational issue: their connectivity infrastructure. Without addressing these vulnerabilities, the promise of technological advancements may be overshadowed by the harsh reality of compromised patient data and operational shutdowns.
A perfect storm of threats
Healthcare’s cyber crisis stems from a confluence of factors. First, the sector has become a prime target for cybercriminals due to the high value of patient data on the black market. Electronic health records (EHRs) contain a treasure trove of information, including Social Security numbers, insurance details, and medical histories. When this data falls into the wrong hands, the consequences can be devastating, not just for organizations but for patients themselves.
Second, the sprawling nature of healthcare networks—which often span multiple facilities, remote clinics, and third-party vendors—compounds the risk. Each connection point represents a potential entry for attackers. Moreover, the reliance on legacy systems, some of which are decades old, creates significant vulnerabilities. These systems were not designed to withstand the sophisticated attack methods employed today, let alone emerging threats such as quantum cracking.
The looming quantum threat
Quantum computing, while promising unparalleled advancements in many fields, also poses a dire risk to cybersecurity. Current encryption standards, which underpin everything from patient data storage to secure communications, could become obsolete once quantum computers reach a certain level of capability. Known as quantum cracking, this threat means that data encrypted today could be decrypted tomorrow by a sufficiently advanced quantum machine. For healthcare organizations, which must retain sensitive data for years—or even decades—this is a ticking time bomb.
The real connectivity crisis
Amid these threats, many organizations are distracted by “shiny objects” like AI-driven diagnostics, robotic surgery, and operational automation. While these technologies undoubtedly hold transformative potential, their reliance on secure, seamless connectivity is often overlooked. Without robust cybersecurity measures, the very innovations meant to enhance care delivery could become vectors for attack.
The healthcare sector must recognize that connectivity itself is at a crisis point. Traditional perimeter-based defenses are ill-equipped to handle the complexity and sprawl of modern healthcare networks. Worse still, many organizations continue to rely on open ports and static credentials, which are easy prey for attackers.
Zero-trust: A new paradigm
Zero-trust architecture offers a promising solution to healthcare’s cybersecurity woes. Unlike traditional models that assume trust within a network’s perimeter, zero-trust operates on the principle of “never trust, always verify.” Every user, device, and application must be authenticated and authorized before gaining access to resources. By segmenting networks and applying strict access controls, zero-trust minimizes the potential damage of a breach.
Portless connectivity: Closing the front door
Portless connectivity takes the zero-trust model a step further by eliminating the open ports that attackers commonly exploit. Instead of relying on traditional IP-based communication, portless connectivity uses ephemeral channels that are dynamically established and closed. This approach not only reduces the attack surface but also aligns with the principles of quantum-resistant security, as it can incorporate post-quantum encryption protocols.
Planning ahead: A call to action
The path forward for healthcare organizations requires urgent action. Leadership must prioritize cybersecurity as a cornerstone of their technological strategies rather than an afterthought. This means allocating resources for upgrading legacy systems, implementing zero-trust frameworks, and exploring innovative approaches like portless connectivity.
Key steps include:
1. Risk Assessments: Conduct thorough evaluations of existing infrastructure to identify vulnerabilities, including those stemming from legacy systems and third-party connections.
2. Education and Training: Ensure that all staff—from IT teams to clinicians—are educated about cybersecurity risks and best practices.
3. Strategic Investment: Redirect budgets to focus not just on new technologies but also on the infrastructure and security measures that support them.
4. Collaboration: Partner with industry experts and technology providers to stay ahead of emerging threats, including quantum risks.
5. Future Proof: Map out a plan of attack and be prepared. Begin the design and planning of your future proof connectivity model today.
The cost of inaction
The consequences of failing to act are stark. Beyond the financial costs of ransomware payments and breach mitigation, there is the potential for widespread patient harm. Operational disruptions can delay critical treatments, while data breaches erode trust and invite regulatory penalties. In an industry where lives are literally on the line, the stakes could not be higher.
Healthcare organizations must recognize that the cybersecurity challenges they face today will only grow more complex in the years ahead. By embracing newer approaches like zero-trust and portless connectivity, they can fortify their defenses and safeguard the technologies that are reshaping healthcare delivery.
The time to act is now. Inaction, or lack of awareness of these threats are a recipe for disaster. It’s time to start the conversation, begin planning, and take decisive steps toward a more secure future for healthcare.
About the author: Joseph Funaro is a visionary leader with over 25 years of experience spanning the finance, banking, and healthcare industries. Beginning as an engineer, he has excelled in leadership roles such as Director, Chief Information Officer (CIO), and Chief Innovation Officer (CINO), driving innovation and adopting disruptive technologies to deliver transformative results. Known for his ability to reimagine organizational potential, Joseph specializes in redesigning infrastructure, deconstructing legacy systems, and creating scalable, turn-key models to prepare companies for acquisition and growth. At ZettaHealth Solutions, LLC, he leverages his expertise in data systems, cybersecurity, and software development to advance healthcare delivery, aligning cutting-edge technology with regulatory compliance and operational efficiency.
The healthcare industry is under siege. According to the July 2023 Healthcare Data Breach Report in the HIPAA Journal “There was a 261% month-over-month increase in breached records in July, with 18,116,982 records breached across the 56 reported incidents”. The frequency and sophistication of cyberattacks targeting healthcare organizations have surged in recent years, leaving no institution immune.
Ransomware, data breaches, and other cyber threats are capitalizing on poorly managed solutions and outdated, legacy approaches to cybersecurity. While healthcare organizations scramble to adopt advanced technologies like artificial intelligence (AI) for diagnostics and operational efficiencies, they risk overlooking a critical foundational issue: their connectivity infrastructure. Without addressing these vulnerabilities, the promise of technological advancements may be overshadowed by the harsh reality of compromised patient data and operational shutdowns.
A perfect storm of threats
Healthcare’s cyber crisis stems from a confluence of factors. First, the sector has become a prime target for cybercriminals due to the high value of patient data on the black market. Electronic health records (EHRs) contain a treasure trove of information, including Social Security numbers, insurance details, and medical histories. When this data falls into the wrong hands, the consequences can be devastating, not just for organizations but for patients themselves.
Second, the sprawling nature of healthcare networks—which often span multiple facilities, remote clinics, and third-party vendors—compounds the risk. Each connection point represents a potential entry for attackers. Moreover, the reliance on legacy systems, some of which are decades old, creates significant vulnerabilities. These systems were not designed to withstand the sophisticated attack methods employed today, let alone emerging threats such as quantum cracking.
The looming quantum threat
Quantum computing, while promising unparalleled advancements in many fields, also poses a dire risk to cybersecurity. Current encryption standards, which underpin everything from patient data storage to secure communications, could become obsolete once quantum computers reach a certain level of capability. Known as quantum cracking, this threat means that data encrypted today could be decrypted tomorrow by a sufficiently advanced quantum machine. For healthcare organizations, which must retain sensitive data for years—or even decades—this is a ticking time bomb.
The real connectivity crisis
Amid these threats, many organizations are distracted by “shiny objects” like AI-driven diagnostics, robotic surgery, and operational automation. While these technologies undoubtedly hold transformative potential, their reliance on secure, seamless connectivity is often overlooked. Without robust cybersecurity measures, the very innovations meant to enhance care delivery could become vectors for attack.
The healthcare sector must recognize that connectivity itself is at a crisis point. Traditional perimeter-based defenses are ill-equipped to handle the complexity and sprawl of modern healthcare networks. Worse still, many organizations continue to rely on open ports and static credentials, which are easy prey for attackers.
Zero-trust: A new paradigm
Zero-trust architecture offers a promising solution to healthcare’s cybersecurity woes. Unlike traditional models that assume trust within a network’s perimeter, zero-trust operates on the principle of “never trust, always verify.” Every user, device, and application must be authenticated and authorized before gaining access to resources. By segmenting networks and applying strict access controls, zero-trust minimizes the potential damage of a breach.
Portless connectivity: Closing the front door
Portless connectivity takes the zero-trust model a step further by eliminating the open ports that attackers commonly exploit. Instead of relying on traditional IP-based communication, portless connectivity uses ephemeral channels that are dynamically established and closed. This approach not only reduces the attack surface but also aligns with the principles of quantum-resistant security, as it can incorporate post-quantum encryption protocols.
Planning ahead: A call to action
The path forward for healthcare organizations requires urgent action. Leadership must prioritize cybersecurity as a cornerstone of their technological strategies rather than an afterthought. This means allocating resources for upgrading legacy systems, implementing zero-trust frameworks, and exploring innovative approaches like portless connectivity.
Key steps include:
1. Risk Assessments: Conduct thorough evaluations of existing infrastructure to identify vulnerabilities, including those stemming from legacy systems and third-party connections.
2. Education and Training: Ensure that all staff—from IT teams to clinicians—are educated about cybersecurity risks and best practices.
3. Strategic Investment: Redirect budgets to focus not just on new technologies but also on the infrastructure and security measures that support them.
4. Collaboration: Partner with industry experts and technology providers to stay ahead of emerging threats, including quantum risks.
5. Future Proof: Map out a plan of attack and be prepared. Begin the design and planning of your future proof connectivity model today.
The cost of inaction
The consequences of failing to act are stark. Beyond the financial costs of ransomware payments and breach mitigation, there is the potential for widespread patient harm. Operational disruptions can delay critical treatments, while data breaches erode trust and invite regulatory penalties. In an industry where lives are literally on the line, the stakes could not be higher.
Healthcare organizations must recognize that the cybersecurity challenges they face today will only grow more complex in the years ahead. By embracing newer approaches like zero-trust and portless connectivity, they can fortify their defenses and safeguard the technologies that are reshaping healthcare delivery.
The time to act is now. Inaction, or lack of awareness of these threats are a recipe for disaster. It’s time to start the conversation, begin planning, and take decisive steps toward a more secure future for healthcare.
About the author: Joseph Funaro is a visionary leader with over 25 years of experience spanning the finance, banking, and healthcare industries. Beginning as an engineer, he has excelled in leadership roles such as Director, Chief Information Officer (CIO), and Chief Innovation Officer (CINO), driving innovation and adopting disruptive technologies to deliver transformative results. Known for his ability to reimagine organizational potential, Joseph specializes in redesigning infrastructure, deconstructing legacy systems, and creating scalable, turn-key models to prepare companies for acquisition and growth. At ZettaHealth Solutions, LLC, he leverages his expertise in data systems, cybersecurity, and software development to advance healthcare delivery, aligning cutting-edge technology with regulatory compliance and operational efficiency.