Securing Against Cyberattacks In Healthcare

Innovation Securing Against Cyberattacks In Healthcare Andre Sublett Forbes Councils Member Forbes Technology Council COUNCIL POST Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based) Sep 1, 2022, 09:30am EDT | Share to Facebook Share to Twitter Share to Linkedin Andre Sublett, Vice President Data and Advanced Analytics, Concord Technologies .

getty In April 2022, the U. S. Department of Health and Human Services (HHS) issued a warning about “an exceptionally aggressive, financially motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently.

” The group victimized a network of Ohio and West Virginia hospitals and clinics, forcing the facilities to postpone surgeries and radiology exams. In a separate earlier ransomware attack , a Vermont health network was paralyzed after an employee mistakenly opened an email file from their homeowners’ association, which had been hacked. In yet another healthcare breach reported by Bloomberg, hackers gained access to “live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

” As the value of patient data has skyrocketed, so have health system data breaches—which are now at an all-time high . These breaches are costly to healthcare organizations and threaten patient privacy and safety. Most commonly, hackers use ransomware—a type of malicious software that spreads through networks and encrypts files as it goes.

The hackers then demand payment for decryption. How are they getting in? Phishing through emails has become much more sophisticated in recent years, focusing on social engineering to successfully target and entice users to click on malicious links. Simply put, the security and privacy of sensitive health information have never been more under threat.

Organizations must take necessary steps to protect themselves from cybercriminals and devasting attacks. Human Error Is A Chief Culprit This protection can be a tall order because sometimes employees are not even engaged in an attack. Through other means, hackers can exploit high-value devices such as medical imaging equipment, infusion pumps and even life-support systems.

These technologies require regular internet connectivity to manage and keep up with new operating standards and protocols, which often exposes hundreds of firewall holes representing potential entry points for bad actors. MORE FOR YOU Google Issues Warning For 2 Billion Chrome Users Forget The MacBook Pro, Apple Has Bigger Plans Google Discounts Pixel 6, Nest & Pixel Buds In Limited-Time Sale Event As ransomware tactics become increasingly targeted through phishing, many rank-and-file health system employees are not technically savvy enough to adequately protect their organizations. Intricate cyberattack schemes targeting health systems necessitate continuous vigilance and data protection by the organization and its individual employees.

From an organizational perspective, that kind of layered approach offers security in depth (SID), which can prevent one attack surface from being leveraged to attack others. By using multiple layers of security to safeguard data, an organization can minimize the impact of a breach so the entire system—or multiple systems—isn’t compromised. Keep in mind, however, that while SID is a critical component of cybersecurity prevention, people are an organization’s greatest vulnerability.

Ongoing education and a variety of easily implemented tools can do much to lessen the threat. For instance, when educating employees about vital security practices, organizations can supply tools such as password lockers and generators to encourage the safe and secure storage of strong passwords. Corporate password tools should be available for download, and employees should be trained on how to set up rules and filters for email accounts to differentiate unknown senders from address book contacts.

That’s because hackers can easily change the name of a sender but not the actual email address. General password hygiene is a vital part of cybersecurity education for employees as well; do not use one password across various sites and systems, and do not share passwords with others, screenshot them or write them down on sticky notes. Engage employees with password best practices and provide frequent reminders.

Employees also should be aware of the dangers of merging email accounts on mobile devices. Mixing corporate and personal affairs can lower a recipient’s awareness of “unsafe senders,” such as emails from favorite stores, video streaming services or social media sites. Hackers can collect or buy information about potential targets to discover what types of interests and vendors resonate with users.

They can exploit this information to gain system entry via malicious links. Creating a strong division between work and personal email can help mitigate this risk. Practice Makes Perfect Another cybersecurity best practice for healthcare organizations includes regular phishing simulations.

Considering the broad range of challenges users face regarding email threats, creating simulations to test employees can provide an excellent opportunity for feedback when they fall for a simulated attack. Employees then can be coached with specific information to significantly reduce future phishing security risks. On the organizational end, running simulations to test disaster recovery and backup systems is also integral to data protection.

A thorough simulation engages every person and/or team who’d be actively involved in handling a data breach. By testing the incident process both during the workday and off-hours, IT leadership can ensure it’s developed an appropriate, effective and quick breach-response process. Healthcare’s increasingly complex systems environment demands the oversight of seasoned cybersecurity experts.

Secure access to and transmission of sensitive data is paramount for the provision of high-quality care and requires a great deal of diligence, expense and expertise to manage. Healthcare organizations must consider the costs of a data breach and remain proactive to mitigate threats and prevent attacks. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

Do I qualify? Follow me on LinkedIn . Check out my website . Andre Sublett Editorial Standards Print Reprints & Permissions.