Legacy architecture, awareness gaps stifle microsegmentation adoption in healthcare
System complexity, legacy architecture and awareness gaps hinder healthcare's adoption of modern microsegmentation, new research shows.
Lateral movement attacks, in which cyberthreat actors gain initial access and then traverse a network freely, are pervasive in healthcare. Nearly half (49%) of surveyed healthcare cybersecurity decision-makers said they experienced a lateral movement attack in the past year, new research found. Despite this trend, just 6% of healthcare organizations have deployed microsegmentation across more than 80% of their critical systems.
Microsegmentation is a security method that segments a network into granular security zones. It uses policies to dictate how certain applications or workloads can share data within a system.
Unlike network segmentation, which relies on hardware and caters to client-server traffic between data centers, microsegmentation relies on software and is tailored to east-west traffic, or server-to-server traffic between applications. Microsegmentation ensures that only authorized entities can communicate with each other, blocking unauthorized lateral movement.
The research was conducted by technology research firm Omdia and commissioned by microsegmentation vendor Elisity. Omdia surveyed 352 U.S. cybersecurity decision-makers in the healthcare and manufacturing sectors, including security architects, chief information security officers and network security leaders.
The report explored the evolution of microsegmentation, from time-consuming network segmentation strategies to first-generation microsegmentation to next-generation microsegmentation, which it says offers an easier path to deployment. Despite this evolution, healthcare organizations have not yet adopted modern microsegmentation at a large scale.
More than half of respondents ranked microsegmentation as their top initiative to stop lateral movement, but many said deployment is lagging for several reasons.
First, legacy architecture is stifling adoption. Healthcare organizations still rely on access control lists, layer-2 virtual local area networks and perimeter firewalls, as well as the time-consuming manual updates that come with these technologies.
"This also creates latency which poses challenges for critical verticals, specifically healthcare where real-time policy enforcement is needed," the report stated.
What's more, early microsegmentation tools cannot be deployed across medical devices and patient monitoring equipment -- categories of technology the report described as largely unpatchable and incompatible with agents, yet mission-critical to patient care.
"This can lead to gaps in coverage, and even where the vendors have moved to incorporate firewall rules into their product alongside the agents, the resulting management complexity means significant operational overhead," the report noted.
Awareness gaps are also contributing to the adoption lag, with just 18% of healthcare respondents reporting hands-on experience with modern microsegmentation.
The report suggested that next-generation microsegmentation can solve some of these challenges, as it takes an identity-first approach, "thereby obviating the need for an agent on the workload and overcoming the significant operational overhead and coverage gaps associated with first-generation agent-based solutions."
The report acknowledged that microsegmentation is just one aspect of a strong security program. Survey respondents stressed the need for segmentation tools to integrate seamlessly with their security information and event management and endpoint detection and response systems to be truly beneficial.
"Modern microsegmentation is a Zero Trust approach to securing digital assets, particularly in the more dynamic environments of cloud and hybrid computing, where both legacy network segmentation and first-generation microsegmentation tend to fall down, on account of their limited scope and operational challenges," the report concluded.
"As such, we would counsel all organizations seeking to provide security to applications, workloads, and data stores to familiarize themselves with the more recent innovations in microsegmentation, comparing them with what has gone before."
Disclosure: Informa owns a controlling stake in Informa TechTarget, the publisher behind Healthtech Security and parent company of Omdia. Informa has no influence over Healthtech Security's coverage.
Jill Hughes has covered health tech news since 2021.