Blog

Increasing Healthcare Cybersecurity With a Proactive Defense Strategy

March 4, 2021
Steve Fox

The healthcare sector has a well-known reputation for stringent privacy regulations to protect patients and clinicians. However, these regulations do not stop cybercriminals from preying on vulnerabilities. And, 2020 certainly provided a plentiful bounty of challenges, disruptions, and vulnerabilities. According to IBM’s 2020 Cost of a Data Breach Report, healthcare companies are “incurring the highest average breach cost of any industry: $7.13 million per incidence,” which is a 10% increase from 2019. Now, in 2021, experts predict cyberattacks against these institutions to increase by double or even triple.

Many healthcare institutions are already preparing to increase spending on cybersecurity measures over the next several years. As cybercriminals become more sophisticated and complex in their approach, healthcare IT security teams must be at the ready with a proactive defense strategy.

TAKE RISKS SERIOUSLY

Ensure cybersecurity is a regular topic of discussion during executive or board meetings. Educate c-suite executives and administrators about existing and emerging security threats (e.g., ransomware, data breaches, malware). Review strategies for monitoring risk and response protocols should a threat become a reality. By holding a standing place at the leadership table for security discussions, your team will be better educated and equipped to respond quickly to new threats or risks.

ASSESS CYBERSECURITY HEALTH AND READINESS

Start with an audit of your existing infrastructure, security tools, vendors, training programs, and security policies and procedures. Through this comprehensive assessment, your team can quickly identify and prioritize points of risk within your systems and processes as well as external vendors.

Your team also can assess the effectiveness of existing training programs. Given that new information about cybersecurity innovations and cybercriminal activity is released on a continual basis, your training program also should be refreshed on a continual basis to remain effective.

When assessing your cybersecurity health, be sure to focus on the following nine key areas:

  1. Third-party vendor management (e.g., service provider risk)
  2. Security management (e.g., roles and responsibilities)
  3. Security architecture (e.g., deployment methodology, requirements)
  4. Threat and vulnerability management (e.g., emerging threats, assets)
  5. Identity management (e.g., authentication, access control)
  6. Awareness and education (e.g., security awareness, staff competence)
  7. Incident and crisis management (e.g., business continuity plan, monitoring, and detection)
  8. Regulations and policies (e.g., regulatory compliance, policies, and standards)
  9. Emerging technologies (e.g., new technology adoption, data protection)

Further, it’s important to invest in proactive precautions, including rotating backups, continuity plans, and regular system patching.

ASSESS ENDPOINT RISK

One clear method for assessing and addressing cybersecurity risk points is to start from the perimeter and work inward to the core. Laptops, mobile devices, and residential workstations are commonly thought of as endpoints. But in this scenario, we will view them as to start points, since these are typically points of entry for cybercriminals. The rise in telemedicine, for example, has created a potential point of risk for many healthcare providers, and by extension, their home base facilities.

Telemedicine is typically accessed from home, beyond the facility firewall, and via a cloud-based application. Phishing attempts and weak network security provide ample opportunity for cybercriminals to take advantage. Further, Security Magazine highlights, “Voice assistants, connected home devices, even refrigerators have Internet connections these days, making them easy points of entry to penetrate private networks and reach endpoints.”

INCREASE PASSWORD AND SYSTEM ACCESS SECURITY

The easiest way for a cybercriminal to gain access to your system is to take advantage of weak links in your system or network accessibility. As a preventive measure, IT leaders should take a hard look at existing password requirements and levels of access across the healthcare ecosystem. Staff members should only be able to access systems and information required to perform their job effectively. Cinch up the access and permission levels across the organization, and set a standard to review these permissions on a regular basis. Also, require staff members to use a strong password for system access, and require that these passwords be changed at regular intervals (e.g., every 6 weeks). We also recommend enforcing two-factor authentication to add another layer of security.

LEVERAGE ADVANCED TOOLS FOR THREAT DETECTION

Due to the sensitive nature of healthcare data and system security, it’s essential that healthcare IT leaders invest in advanced tools for cybersecurity threat detection. These tools can assist your team and organization with identifying phishing attempts, blocking malware, and alerting your team to ransomware threats.

PROACTIVE DEFENSE VS. REACTIVE OFFENSE

When it comes to cybersecurity, especially for healthcare organizations, it’s critical to take a proactive approach. By assessing the current health of cybersecurity measures in place, as well as the effectiveness of training and education across the organization, you can ensure you stay on top of existing and emerging threats. A little extra effort will go a long way to allow you to address potential risks before they become a costly reality.

«  Back To All Articles
Next Article
  »
Misconfigurations for Office 365
5 Most Common Attacks That Dodge Your Firewall.
4 Pentest Paradoxes You Must Get Right
Do a Risk Assessment before buying MDR
6 Rules of Engagement for any Penetration Test
Cyber Alliance Program
Your Perimeter is Disappearing
Cybersecurity Acronyms for Retirement Administrators
XDR, MDR, SOAR - Acronyms of Cybersecurity Detection & Response
Test Blog Post 3
Test Blog Post 2
White Paper - XDR for Retirement Systems
The Total Cost of Ransomware - 7 Categories
The Power of Data Continues to Grow
Who Shares Responsibility for Data Security in a Health Crisis?
Identifying Cloud Security Gaps in a Remote Workforce
Mid-year Threatscape Assessment and Review of Significant Cyber Incidents
Front Line Report: 2020 Election Cybersecurity Threats
The Rising Stakes of Compliance: GDPR, CCPA, and Others
Increasing Healthcare Cybersecurity With a Proactive Defense Strategy
5 Ways to Lower Risk and Maintain Privacy in Your Organization
9 Tips for Detecting and Preventing DDoS Attacks
5 Ways to Secure Your Access Control Vulnerabilities
6 Strategies to Prevent SQL Injection Attacks
7 Commonly Neglected Security Tasks: DMARC, DNS Calls, And More
The Impact Of A Cyber Attack On A Nation
History Matters: Cyber Attacks From The 1980S
What Healthcare Organizations Need To Know About Samsam Attacks
Reflecting On 2019: Blockchain, AI, Machine Learning, Cryptojacking, And More
California Consumer Privacy Act (CCPA): What You Need To Know
Why Covid-19 Phishing Criminals Love Machine Learning (Ml)
Malicious Bot Activity Continues To Rise As Employees Work From Home
How Crypto-Agile Is Your Organization?
How Businesses Can Prepare For The Coming Iot Surge
Where To Find Cybersecurity Help: Addressing The Security Expert Shortage
Ransomware: To Pay Or Not To Pay?
How Expensive Is A Data Breach?
Looking Ahead: The Cybersecurity Landscape In 2021
Attack On Solarwinds Infiltrated U.S. Government Networks: What It Means For You
5 Best Practices To Secure Your Remote Workforce
Top 5 Most Dangerous Ransomware Attacks — And How To Protect Your Business
Reduce Data Breach Costs With Artificial Intelligence
5 IoT Trends To Continue Watching In 2021
AI Poisoning: What You Need To Know To Protect Your Business
Zero Day Exploits: Advanced Cyberattacks
Why Users Should Never Auto-Fill Forms: Browser Exploit Overview
Don't Be Fooled By Padlocks And SSL Certificates
5 Ways To Shield Executives From Whaling Attacks
How Artificial Intelligence (AI) Is Helping Cyber-Criminals
Why Breaches Are Becoming More Difficult To Defeat
History Matters: Cyber Attacks From The 1960S
History Matters: Cyber Attacks From The 1970S
History Matters: Cyber Attacks From The 1990s
History Matters: Cyber Attacks From The 2000S
The Rise Of Mobile Malware
Growing Concerns Over Voice Phishing Scams
Stopping The Spread Of 5G Security Vulnerabilities
Why Small Business Is A Big Cyber Crime Target
Feeling The Heat: Geopolitical Cybersecurity Threats
The Role Of Artificial Intelligence In Effective Cyber Attacks
Absolute Zero: Zero Trust And Zero Standing Privileges
Data Security Challenges in the New Era of Remote Work
Why Penetration Testing Has Never Been More Important
5 Ways to Protect Your Business From Phishing Attacks in 2021

join our email list

Security Pursuit logo
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
Professional ServicesProduct Solutionsaboutpartnersblogcontact
denver office
2000 Araphahoe Street, Suite 1
Denver, CO 80205
720-675-7668
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
san francisco office
2315 Montgomery Street, 10th Floor
San Francisco, CA 94104
415-735-4225
© 2021
Designed by H1 Web Development