The most valuable asset without a doubt for healthcare organizations is patient data. The recent global WannaCry malware outbreak, one of the largest healthcare security threats on record, wreaked havoc on the healthcare industry. Major surgery operations and appointments were canceled and ambulances diverted away – not because of resources shortages, but because trusts were under attack. If there’s anything we’ve learned from the recent cyber breaches that have occurred this year, it’s that the industry must move towards smarter cybersecurity practices in order to confront and prevent cyberattacks sooner.
As Tom Gilbert, CTO, Blue Ridge Networks says, “While the number of breaches continues to increase, organizations are realizing that one product alone won’t be the holy grail of cybersecurity defense.” Because attacks are becoming more targeted and sophisticated than ever before, some healthcare organizations are turning to a defense in depth strategy, “to protect against the many different attack vectors that are being used today, and multiply their cyber defense exponentially,” Gilbert adds.
One of the biggest challenges healthcare organizations face is having a complete “understanding of what exactly a defense in depth strategy is,” Gilbert says. “Many organizations often refer to two of the same type of cyber defense mechanisms as defense in depth, but that’s not the case.”
A true defense in depth approach involves multiple layers of defense with several layers of preventing or eliminating threats. “For instance, some organizations could benefit from an Identity Access Management (IAM) solution with an added Network Access Protection (NAP) solution,” Gilbert adds.
Authentication is a key component to a defense in depth strategy, which may consist of two separate techniques for authenticating credentials, such as password authentication combined with a smart card. Gilbert mentions, “This is true two-factor authentication; there is a possession factor and a knowledge factor. The strength of one offsets the weakness of the other when they must be used together to gain access.”
There are many other best practices healthcare organizations should follow when it comes to cybersecurity, though. It’s critical that IT leadership ensures all network connected devices, machines, other operational technology (OT), and Internet of Things (IoT) devices are fully protected against potential threats. “Healthcare organizations need to consider their OT systems not just as a potential vulnerability but as a potential attack vector on their IT infrastructure,” Gilbert notes.
When information gets shared between healthcare providers and payers, it becomes incredibly challenging to enable two-factor authentications, which in turn defaults users to a basic user ID and password. “These weak credentials beg to be stolen and are often the first stage in a multi-stage cyber attack. The good news is, Blue Ridge Networks has successfully provided secure extranet solutions across organizations for years, ensuring that all network access and communication is secure,” Gilbert concludes.
Find out more about Blue Ridge Networks here.