Top cybersecurity practices healthcare facilities should implement
Does your healthcare facility use cybersecurity best practices to protect its assets? If not, it should.
Every industry needs cybersecurity protocols in place to protect what they value most; the customer and employee. In the case of healthcare, the security of patients and employees is of the utmost importance, especially since nearly 90 percent of healthcare organizations, according to a 2016 Ponemon report, experienced some sort of data breach within two years of that research being published. Patients and staff trust healthcare facilities with their private information, and so it is the responsibility of those facilities to protect that data.
Cybersecurity breaches come at a high cost for companies. In fact, a 2016 Ponemon Institute survey of 383 companies around the world, according to Security Intelligence, found that the total cost of a data breach is now $4 million—up from $3.79 million the year prior. There are many ways hackers can infiltrate a system, so all business and computer owners must take steps to secure their systems. In the long run, doing so prior to an incident will save money by preventing or limiting the cost of recovering from cyber-attacks.
Be a smart user
Typically, the most vulnerable point in a network is users who use that network simply because they’re unaware of the lengths hackers go to steal sensitive data. That’s why it is important to train employees on cybersecurity best practices so they don’t put themselves or their facilities in danger. The more informed employees are, the less likely they are to click on malicious content, attach unsecured material to the network or provide unauthorized people access to critical data.
Two types of cyberattacks employees should know about are:
Phishing attacks: Cybercriminals use this type of attack to con users into revealing sensitive information or downloading malware through electronic communication. Phishing attacks can target a specific person (spear-phishing or whaling), or they can be aimed towards groups.
In May 2017, UC Davis Health suffered a potential security breach, according to a HealthITSecurity.com, when an employee opened a phishing email. The hacker gained access to this account, posed as the employee and emailed other UC Davis Health employees requesting large sums of money. The breach affected up to 15,000 people.
Ransonware: This is a sophisticated piece of malware that blocks users from accessing their files, requiring that they pay a ransom to regain access.
In May 2017, ransomware affected 74 countries in Europe and Asia. The attack greatly affected the National Health Services in the United Kingdom, and it caused appointments to be cancelled, reported Fox News, and patients to be turned away.
Protect your IP devices on the network
Cybercriminals are aware of just how valuable patient data is. This information, in fact, is actually worth ten times more than credit card data on the black market, said Greg Enriquez, CEO of TrapX, according to Dark Reading.
If hackers gain access to a hospital’s network, they could potentially obtain video footage either on location or remotely. The best way to prevent this is to enable encryption in your security solutions, which encode footage if it’s extracted, and constantly update the firmware.
All points in a healthcare system are vulnerable to being breached, which is why it’s imperative to be proactive and implement cybersecurity best practices. If not, patient and employee privacy, and the institution’s reputation could be at stake. Furthermore, operations could come to a standstill.
Implement a well-rounded cybersecurity approach
The best ways to combat hackers is to stay informed about the latest threats and security protocols and adhere to well-rounded cybersecurity protocols in your day-to-day operations. Our Cybersecurity eBook provides tips for everyone from beginners to experts. In it, we expand on the steps I’ve outlined here so you can secure your healthcare facility’s network. Here are several ways to do so:
1. Control access to sensitive data
Organizations should implement two-factor authentications with important files, such as patient information, to make it more difficult for hackers to access data.
In a recent report, Verizon revealed that 25 percent of security incidents both intentional or unintentional are caused by insiders—a person within the organization who has access to information typically unavailable to others. To prevent insider access, healthcare facilities should implement the principle of “least privileged accounts.” This ensures users only access the resources needed to perform their job. These parameters can be part of an operating system or built into an application; they could be done manually using an access control list or with role-based access control and would involve requiring a password to protect data from unauthorized access.
2. Use a firewall
All healthcare facilities should use a firewall to protect against outside intrusions and cyber threats. Anti-virus programs destroy malicious software that gains access to a network, but a firewall prevents it from entering the network in the first place.
3. Install and update the latest software and firmware
Cybercriminals often compromise networks through viruses. Even a device protected by the latest security software can be breached by outwardly innocent, but actually harmful, flash drives, emails and links. It’s not enough to install the latest software and firmware; you also need to continuously update it (especially when new security patches are released).
4. Set a plan!
Cybercriminals can hack any network at any moment, which is why it is best to have an emergency plan in place in case this happens. A solid strategy will enable employees to spend their efforts taking swift, aggressive action to thwart the actions of criminals and protect vital information.
5. Use strong passwords
Passwords are often the first line of defense in preventing unauthorized access to systems. In fact, 81 percent of hacking-related breaches are due to either stolen or weak passwords.
How can employees better protect their systems? Here are two common practices:
- Employees should always use different passwords for each device they use. This ensures that if one device is breached, a hacker can’t use the same password to infiltrate other ones.
- Employees should use strong passwords that aren’t easily identifiable. Weak passwords include words found in the dictionary or personal information such as birthdays, pets or information that one can learn on a social network site. Strong passwords typically include eight or more characters, both upper and lower-case letters, special characters and punctuation.
You won’t be able to prevent every breach, but following the steps outlined here will help minimize the chance your healthcare network gets hacked. Training and ensuring your staff is aware of threats will reduce the likelihood of your system being breached. It is best to take every precaution when it comes to cybersecurity to create a strong and safe network. In the end, this could potentially prevent legal action, a compromised reputation and millions of dollars.