During a routine visit to the doctor, he asked what I did for a living. I explained that my work consists of helping companies to detect information security vulnerabilities. We then help them to test and train their employees to make the necessary corrections. My doctor listened attentively and said: “Thank you for the work that you do.” I did not expect that response. He went on to say that in hospitals they’re under constant fear of a ransomware attack and how critical this would be. Patients as well as doctors depend on technology to receive and provide life-saving treatments and procedures. In healthcare, the loss is not only economic. As my doctor plainly said, “people will die.” Why has healthcare become such a target for cyber-attacks? And what are some ways that we can lessen the deadly risk of cyber-attacks on healthcare?
Lives Are at Stake
According to a global survey conducted by cybersecurity firm Sophos, ransomware attacks on healthcare organizations have increased 94% from 2021 to 2022. Thecrimereport.org has reported some of the detrimental effects of such attacks, such as delayed chemotherapy treatments and ambulances being diverted from a San Diego emergency room after computer systems were frozen. Not to mention, the mother who blamed a 2019 hospital hack for the fatal brain damage of her newborn after heart rate monitors failed. The potentially devastating consequences are a few of the reasons why medical facilities are a high-profile target. The Guardian reported: “in 2021, 61 percent of healthcare organizations that suffered a ransomware attack paid the ransom – the highest percentage of any industry sector.” The Cybersecurity and Infrastructure Security Agency (CISA) has advised hospitals against paying ransoms. However, providers feel they have no choice since lives are at stake.
Reduce the Risk
There’s no magic formula to prevent cyberattacks. However, there are steps you can take to reduce the risk of a damaging attack:
- Implement multi-factor authentication for all remote access to the network, as well as privileged or administrative access.
- Protect the network with antivirus and antimalware software.
- Regularly update internet browsers, computer operating systems, and applications.
- Back up important files on a routine basis.
- Never open links or attachments that seem suspicious or come from unfamiliar sources.
Be Prepared
The challenge is that criminals are constantly finding creative ways to defeat cyber threat defense initiatives and health-care organizations increasingly transmit data electronically. Effective cybersecurity is a combined effort involving technologies that protect digital data and well trained, security conscious employees. Be prepared to respond to a possible cyberattack by having a crisis response team. Designate different members to take charge of technology, communications, legal issues, and business continuity. According to American Hospital Association it is “critical that a cross-function, leadership-level cyber incident response plan be fully documented, updated and practiced. This should include emergency communications plans and systems.”
According to Firewall Times 98% of cyber-attacks involve some form of social engineering, so it is essential to have well-trained staff to have the best security posture possible. It is not sufficient to have a written security policy that each employee signs as acknowledgment. Implementing mandatory security awareness training will help employees to understand the company’s cybersecurity and information security policies and their importance. Moreover, employee testing by means of phishing and vishing is highly effective, not only to reveal the corporation’s vulnerabilities but also to help employees continue to train their security mindset.
Empowered Employees are Safer Employees
Threats to information security consistently focus their attacks on company employees. Empower your employees with the right knowledge to keep your organization safe. Rather than viewing employees as the weaker link, view them as security partners who play a vital role in your organization’s security program.
Written by: Rosa Rowles
Images:
https://www.linkedin.com/pulse/what-2022-has-store-healthcare-cybersecurity-aarushi-nair
https://netgaincloud.com/blog/how-to-create-a-cybersecurity-training-curriculum/
At Social-Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit https://www.social-engineer.com/managed-services/.