How to mitigate cyber attacks in healthcare

Healthcare cybersecurity: protecting vital systems and sensitive data

An ounce of prevention and a pound of cure can help healthcare organizations protect their patient and clinician data.

This data is particularly tempting to hackers as it contains full names, addresses, phone numbers and birthdays. It sometimes even contains payment information and social security numbers. The data is also, unfortunately, often easier to access than in other organizations. Many hospitals use vital and life-saving yet older equipment that unfortunately don’t have the security protocols in place that newer devices have. The fact that many patients move from one healthcare location to another also creates more access points, and the last-minute scramble many organizations went through to quickly move as many people to remote working as possible sometimes resulted in some unfortunate areas of vulnerability.

So how can your organization mitigate healthcare cybersecurity threats and improve its security posture?

With the right processes, policies and administrative tasks, healthcare organizations can prepare for cyber attacks. They can prevent many of them, as well as respond swiftly when they do detect an attack.

Create thoughtful, enforceable security policies

It’s sometimes hard to find time to take a big step back and to look at the big picture, but this is vital — for healthcare organizations in particular.

There are so many moving parts in the healthcare technology ecosystem that IT administrators must take in the whole picture. And that picture includes complying with rules governing healthcare organizations such as HIPAA in the US and rules put in place by the Care Quality Commission in the UK.

Taking the time to consider all of the factors in hardening a healthcare organization’s security posture is time will spent. This will help IT to create strong compliance policies that can truly help to keep the whole system secure.

A great way to see the whole picture is to take a look at benchmarks put in place by security organizations such as the National Institute of Standards and Technology (NIST), Center for Internet Security) or The National Cyber Security Centre.

These benchmarks were created to ensure endpoints are hardened and organizations are following industry best practices and can help you get started on a cybersecurity compliance policy that makes sense for your organization.

Keep software and operating systems updated

Believe it or not, according to a recent study unpatched vulnerabilities are one of the most dangerous and frequently-used access points for hackers.

That’s why healthcare IT security teams need an excellent patch management system and workflow to ensure that they aren’t allowing costly breaches simply through inaction.

Automation is key to ensuring that IT can track everything and update it the instant it is available. It also removes the factor of human error. Use a good mobile device management system that can automate the integration of inventory tracking with OS and app update and patch tracking.

A well-provisioned Mobile Device Management (MDM) product that offers administrators the option to create and enforce compliance policies, and to automate that enforcement, is a must.

You’ll also want to ensure that any security and MDM organizations you partner with offer zero-day support and deployments for the operating systems and applications your facility uses. The first day that operating systems or heavily-used applications push out upgrades or new versions can be a dangerous day if you don’t ensure that your patches and updates occur immediately. It’s important that they offer features that fortify endpoint security and safeguard data, as well.

Protect mobile devices

Mobile devices such as iPhones or iPads —especially those using a shared iPad model— present unique challenges.

In addition to ensuring updates and patches, you’ll need to consider how to incorporate Mobile Threat Defense: dynamic protection against cyber threats targeted against mobile devices. You’ll also need to keep patient information secure and protected from subsequent patients using the same device— and that someone getting physical access to a device can’t misuse it.

This will mean an excellent security product aimed specifically at the OS supporting your mobile devices, and one that uses behavior-based security to respond dynamically to suspicious behaviors or pieces of code on your mobile devices. It should also include conditional access, which provides policy-based management that permits or restricts access to resources based on device health,minimum configurations and requirements for certain apps to be installed and enabled, like Zero Trust Network Access (ZTNA). Your solution should offer policies that work in conjunction with identity provider (IdP) solutions to ensure device and end-user security is always maintained in the face of ever-changing threats.

You should also consider how individuals access devices. The most secure way to do this is with ZTNA, removing a client or VPN and replacing it with secure access that ensures only the right person on the right device can access the system— and that connections are always encrypted.

Plan for a healthcare security breach

The best-laid plans “gang aft a-gley,” as the poet says. No matter what you do to shore up security and prevent healthcare cyberattacks, truly innovative bad actors will find a way.

A crucial part of a holistic security strategy is accounting for threat response. Ensure you have workflows for triaging and remediation workflows. Whenever possible, use automation to simplify these processes so issues can be stopped before they become something worse. A security system that uses not only behavior-based logic but also sandboxes suspect behaviors can go a long way in automatically preventing or mitigating damage when someone does get in.

But automation can only go so far. You’ll need a system that can send the right alerts quickly to the right person to fix it. Monitoring and detection solutions paired with centralized reporting such as a security information and event management (SIEM) system, that sorts and prioritizes threats collated from various logs, aid IT in addressing issues efficiently.

Stay in compliance

The great thing about healthcare security is that the work is never done, which gives you opportunities to harden your security posture even further. Securing your healthcare network is an ongoing, iterative process.

Modes of attack and new security requirements from governing entities change. Your partners, with their accompanying security vulnerabilities, change. You can’t just set up a system and rest on your laurels.

A solid point to consider is iterative reviews of policies and processes to identify potentially new issues in how IT and security teams work. You’ll need to set regular times to go through your original plan for security and regulation compliance, gathering data on what is staying in compliance and what has drifted, as well as using that data to see if there are any new protocols or frameworks to put in place or old ones that no longer serve. Use frameworks as much as possible to handle the heavy lifting and provide guidance for managing security and compliance.

Creating workflows to regularly review the workflows may seem like a ‘bit much,’ but when it comes to securing your organization’s data and devices, you’ll be glad you were ‘a bit much’ when you face new healthcare cyberattacks in the future.