Healthcare and Cybersecurity – How to protect hospitals with NDR technologies ?

Last July, ENISA published its first report on cybersecurity in healthcare. A total of 215 incidents in healthcare facilities were reported across Europe, between January 2021 and March 2023. Hospitals are in the front line, accounting for 42% of targets. In the midst of opening up and digital transformation, the hospital sector is facing successive waves of cyberattacks. They can even block all or part of their activity, forcing some to return to the era of the pencil. However, helping healthcare establishments to control cyber risk requires a resolutely proactive approach, taking into account the constraints specific to the sector. Network protection – and the appropriate technologies – are essential to protect the structures concerned.

Constraints specific to the hospital environment


“Concerns about the cyber threat between hospitals, administrations and companies are similar in that the threat is the same (…) but healthcare has the specificity that we are playing on people’s lives,” stresses Vincent Trély, President of APSSIS (the French association for healthcare cybersecurity).

Some companies took the step of cyber protection many years ago. This is not the case for hospitals. Indeed, the hospital sector must rapidly step up its efforts to prevent such incidents and respond effectively to cyber attacks. However, it must also take into account its structural limitations. Hospitals face three main constraints:

  • the lack of a cyber risk culture among nursing staff
  • an often tight budget
  • a particular technology spectrum.

Despite growing awareness of cybersecurity issues, there is still a certain reluctance to use these tools and protocols. Indeed, healthcare staff fear that their tasks will become too complex, compared with the daily protection provided by these tools. As a result, the CISO of a healthcare establishment is constantly negotiating with the players involved, not only to raise their awareness, but also to secure a sufficient budget. Indeed, a hospital dedicates 1 to 2% of its budget to cybersecurity prerogatives, whereas companies allocate an average of 4 to 5% of their total budget. Having different cyber protection technologies dedicated to the particularities of each department is utopian. Today’s budgets need to be substantial, so that in addition to hardware (scanners, MRIs, etc.), specific investments can be made in technologies to secure the IS as a whole.

The importance of network technologies


Nevertheless, hospitals have already reached a certain level of maturity. In particular, they use endpoint protection platforms (EPPs) to control known threats. However, in view of the considerable development of cybercrime techniques, healthcare establishments need to protect themselves against advanced threats (APT).

To this end, investments have been made in SIEMs (security information and event management systems) and EDRs (endpoint detection and response systems), securing the various terminals in the facility. Moreover, many perimeter protections, focusing on direct protection at the entrance to the Internet, are already well in place, and already feature advanced technologies such as AI.

But today, hospitals are looking to go even further. Like companies, hospitals are striving to invest in new technologies, this time for network protection, through the use of NDR technologies. According to Vincent Trély, “all these technologies are being deployed, but there is a clear acceleration in the use of probes, NDR, XDR, network monitoring, SOC and so on. And this is going to be extremely dynamic over the coming years”. With only 22% of companies using NDR, its use has risen by 7 to 8 percentage points compared to last year, one of the most significant developments among all the technologies available to companies, proof of its strong appeal. With 80% of attacks passing through the network, protecting it has become essential.

What are the benefits of NDR for healthcare establishments?


These NDR technologies offer many comparative advantages for hospitals. Medical equipment makes up a large part of a hospital’s IT infrastructure, and is connected to the network. However, these equipments are often not explicitly approved by the hospital’s IT department (Shadow IT). While they represent a strong capacity for innovation and productivity enhancement, they can also entail additional risks, particularly in terms of cybersecurity. Indeed, these machines do not comply with the cybersecurity standards that could have been imposed by the IT department.

NDR technologies positioned on the network are thus able to identify all external devices and assets connected to the network. Potential threats are easily detected and automated when these technologies make use of AI and Machine Learning. In this way, NDR technologies support hospitals that do not have sufficient human resources to process information feedback.

In addition, the NDR makes it possible to maintain the network flow, and de facto the hospital’s activities, if a threat were to be detected. Indeed, how can we guarantee patient care and smooth hospital operations if a cybersecurity solution blocks all hospital flows? Jean-Christophe Combe – former French Minister for Solidarity, Autonomy and the Disabled, and François Braun – former French Minister for Health and Prevention, stated: “There is no shortage of tools, but they lose all effectiveness if they are not perfectly integrated (…)”. Because it is integrated within the ecosystem, an NDR solution can interconnect with the cybersecurity system already in place, so as not to disrupt the existing architecture. In this way, it reinforces existing tools to detect threats coming from inside the network, as well as weak signals that are precursors to cyber-attacks.

What’s next ?


NDR’s technologies provide a precise response to the growing cybersecurity needs of healthcare establishments, while adapting to the specific nature of their information systems. Thanks to their effectiveness, these technologies will eventually make it easier for healthcare staff to understand the challenges of cybersecurity. However, this cannot be achieved without complementary action on the part of each country.

Despite divergent national healthcare systems and the European Union’s limited competences, harmonization of the treatment of cyber-attacks in the healthcare sector must be considered, since no member state is exempt. ENISA’s latest report provides lots of valuable information for risk management to cybersecurity professionals in the sector, with cyber hygiene practices to put in place.

The facts are in, and now it’s time to put them into practice.