Do you know where your healthcare system is vulnerable? As new technology and innovation continue to emerge in healthcare, vulnerabilities keep pace and pop up everywhere. So, what can you do? To protect your organization, you first need to be aware of the most vulnerable areas of the healthcare system’s cybersecurity. Here are my top five recommendations on the subject.
#1. Devices that you have limited or no control over
As the lines between personal and work devices blur, your systems and data are only as safe as the least secure device your employees use. Now that wearables are on the market, healthcare employees want information while on the move. How do you manage the data that is stored on or passed through those devices? How do you manage devices that you don’t even own? Having the right suite for endpoint protection is critical, along with the right monitoring tools for all the devices on the network.
#2. Phishing attacks
Phishing has been and will continue to be a hacker’s easiest win. To reduce the phishing vulnerability, start with training. Use real-life examples and devise social engineering campaigns to give yourself a baseline for employee reaction to a phishing attack. What’s important here is to keep it current; don’t use phishing attacks that were used 15 years ago. Hackers tend to use phishing attacks that relate to the environment. At the end of the year, look at phishing attacks linked to raises and new employee benefits. From February to April, look for those that relate to taxes and the IRS. Use two-factor authentication methods to add a layer of protection for your assets.
#3. Unsecured medical devices
Medical devices are now entering the market at a staggering rate and helping with medical diagnostics and treatment. Network segregation is a great way to help limit the attack surface that medical devices create. Firewalls and port blocking also help tremendously, but when these devices leave our organization’s walls, then what? How do you protect something that is outside your control perimeter? This is where device manufacturers can help healthcare security professionals understand the risks and what can be done to secure medical devices, wherever they are. What is comforting is that more and more security vendors and manufacturers are beginning to understand this and are trying to develop technologies to help secure medical devices.
#4. Data
Providers want data on their desktop or laptop, as well as on their mobile devices in and out of the hospital, because they want to be efficient in healing and helping. However, most of those devices are unsecured, and anyone could potentially walk away with the laptop, handheld device, flash drive, or even the desktop. What’s even more shocking to me is that in this day and age, when encryption is a must, these storage devices are not encrypted. Granted, some of them are outdated, but even more up-to-date endpoints and mobile storage devices remain unencrypted. Encrypting data is vital to protecting your data assets. A second tier of data protection lies in limiting the use of USB thumb drives and external storage devices. And finally, to safeguard your sensitive data, limit access to it on a need-to-know basis.
#5. Take stock
Like all industries, healthcare is undergoing major and rapid changes, as more and more discoveries are made and innovative technologies emerge that help care for patients and prevent or cure illnesses. Extensive networks of systems and communications, along with the new devices that come along so frequently, make healthcare organizations more vulnerable than organizations in other industries and a favorite target for hackers and malicious actors. So, it’s important to take stock of what’s going on in your healthcare organization and use a combination of training and technology to keep your most valuable resources safe.
To learn more on how to build a secure healthcare network, read our e-book: https://ibm.biz/BdZvrM