Future Healthcare Today
  • About
  • Payer
  • Provider
  • Pharma & Life Sciences
Subscribe
No Result
View All Result
  • Digital Transformation
  • Telehealth
  • Cybersecurity
  • Patient Experience
  • Clinicians
  • Resources
    • COVID-19
Future Healthcare Today
  • Digital Transformation
  • Telehealth
  • Cybersecurity
  • Patient Experience
  • Clinicians
  • Resources
    • COVID-19
No Result
View All Result
Future Healthcare Today
No Result
View All Result
Home Cybersecurity

Healthcare Organizations Under Attack: Strategies for Managing Cyber Threats

by Shayda Windle
October 25, 2016
in Cybersecurity, Digital Transformation
Reading Time: 7 mins read
A A
Healthcare Organizations Under Attack: Strategies for Managing Cyber Threats
Share on FacebookShare on Twitter

Before National Cyber Security Awareness Month (NCSAM) draws to a close, we thought it would be a good idea to dive into cybersecurity as it relates to the healthcare industry, and take a deeper look at some of the trends and challenges that are currently being faced by healthcare organizations. We had a chance to sit down with David LaBrosse, Strategic Partner Manager, Healthcare Data Management Solutions at NetApp, to talk a little bit about cybersecurity within healthcare and what’s being done to prevent these attacks from occurring. Here’s what David had to say:

Shayda Windle: Healthcare data and infrastructure that supports the delivery of healthcare services are some of the biggest targets for attack.  What’s driving this interest from cyber attackers?

David LaBrosse (DL): There are multiple factors that are driving cyber criminals to target the healthcare industry.   First, Cyber criminals believe that hospitals are soft targets.  They know that many institutions have made security improvements, but there are still other hospitals which need to implement basic security tools. A second driver is the growing number of attacks sponsored by organized crime groups — in the U.S. and overseas.  These criminal groups are playing a key role in the higher volume and sophistication of cyberattacks.  And, a third driver is the value of the medical records themselves on the black market.  While some analysts debate how much criminals are paid for each stolen medical record, the emphasis should be on how patients are impacted by each theft.  In some cases, a stolen record can expose a patient to insurance fraud, identify theft, and to privacy violations.

SW:  What are the most common exploits that healthcare organizations are subjected to?

DL: Each year, reports are released that identify the top threats as it relates to cybersecurity.  Some of the reports are from U.S. Fed Government agencies like Health and Human Services (HHS) or the FBI.   Other threat reports are created by leading security vendors and network services providers.  While I agree that the theft of computers, smart phones, and disk drives are still a top concern, hospitals leaders are making good progress in this area.   Their investments in security training, device encryption, and asset tracking tools will continue to minimize the physical threat.

Another common threat or exploit is the growth in “malware” attacks.  Ransomware has become a top-of-mind threat for many healthcare leaders.  The number of ransomware attacks has increased significantly in the past year.   There are now thousands of variations.  And, healthcare institutions are struggling to keep up with the flood of malware attacks.

SW: What can healthcare organizations do to protect themselves and their patients?

DL: Having standard security procedures in place to protect from attacks is so important that I’ve created an acronym around it. This is more of a reminder of the standard procedures that everyone should be following.

CUTS stands for combine, update, track, and survive.  And here’s a breakdown of it:

  • Combine security systems. In a hospital setting, security information and event management (SIEM) systems are common tools which are used to monitor an unusual event and to log activities in the IT environment. But some of these SIEM tools are old and need to be upgraded. They need to allow other sources of data to be analyzed from across the enterprise. The SIEM tools should also be combined with other security tools like ‘user behavior’ tracking. By combining the security tools, institutions can identify and respond to threats faster.
  • Update software and security patches. This may sound like just another task on the security checklist, but you would be surprised how many organizations do not routinely do this, and in turn put themselves at greater risk. By not patching systems, you are basically opening the door for a hacker to come into your environment.
  • Track your employees. It may sound like Big Brother is watching, but you really do need to know where your employees are logging in, and where they physically enter a building. Everyone knows that there is a ‘human’ element to cyber attacks and unfortunately disgruntled employee attacks do happen.  So, it is critical for hospitals to track employee activities on-line and on-premise.
  • Survive attacks. Despite all of the efforts to maintain security, cyberattacks do still happen. That is why hospitals need to focus on recovering from an attack.  Some institutions make good investments in security tools, but they forget about the recovery side of the equation.  I urge healthcare organizations to make ‘gold’ copies of their data, operating systems, and mission critical applications.  These gold copies should be stored in a separate network to prevent hackers from finding them.   And, it is equally important that hospitals test their recovery capabilities at least once a year.  That is one way they can be confident that they will survive an attack.

Hospital leaders can also avoid paying a ransom fee to hackers by restoring their systems rapidly.  NetApp is proud to provide data management solutions which help customers to accelerate security threat analytics and to recover faster from malware attacks.

SW: It seems that having layers of security is a good approach.  What are some of the best strategies for protecting data while it’s at rest/stored and while it’s in motion?

DL: Today, we know encryption has proven to be a good solution. I think some of the challenges organizations face is whether or not encryption is the right fit — or is easy to manage. Encryption has come a long way.  At NetApp, we are offer a variety of encryption options to address data at rest and in transit requirements.   We have also made it easier for customers to manage the encryption solution.   While some customers are still uncomfortable, I believe encryption is worth the investment.

SW: Is there anything else you’d like to share?

DL: Another outstanding security tool which I recommend to customers is called ‘multi-factor authentication.’  There are different types of multi-factor authentication tools available today.   Some ask for users to provide replies to “security questions”.   Others, utilize a smart phone application which generates a unique pass code during each log-in.  The code is a second password which is difficult for hackers to steal.  Historically, the healthcare industry has shied away from multi-factor authentication tools.   One reason is that it seems to require an extra step in the security process. Many doctors and nurses do not have time to enter additional codes or passwords. They need to focus on patient care.   However, I think multi-factor authentication will become more user friendly.  And, with the proper security training, the log-in time can be reduced.

Interested in learning more about NetApp’s health IT and cybersecurity solutions? You can find out more here.

Tags: Cyber Security Awareness MonthcyberattacksDavid LaBrossehealthcarehospitalsMulti-factor authenticationNCSAMNetAppPassword Security
Advertisement Banner

RELATED POSTS

Contributed Articles

To Meet Growing AppSec Risk, Healthcare Enterprises Turn to Stronger Solutions 

March 7, 2023
Contributed Articles

Is the Healthcare Industry in Need of Changes?

January 30, 2023
Public Health Agencies Provide Exceptional Customer Experiences Managing COVID-19 Pandemic
Digital Transformation

Public Health Agencies Provide Exceptional Customer Experiences Managing COVID-19 Pandemic

January 10, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

TRENDING NOW

  • With Worker Shortage, Here’s How Healthcare Facilities Can Attract New Talent

    499 shares
    Share 200 Tweet 125
  • AI Solutions Can Improve Hospital Operations and Physician Well-being

    497 shares
    Share 199 Tweet 124
  • Addressing the Mental Health Crisis with Improved Access to Affordable Counseling Services

    506 shares
    Share 202 Tweet 127
  • NSA Claims Identification Still Causing Confusion for Health Insurers

    664 shares
    Share 266 Tweet 166
  • Health-Seekers Level Up Self-Care with Gamification Apps

    557 shares
    Share 223 Tweet 139

CONNECT WITH US

Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner

BECOME AN INSIDER

Get Future Healthcare Today Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Government Technology Insider
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home – 2021
  • About
  • Contact Us

Become a Sponsor

Future Healthcare Today offers content and advertising sponsorships to leading healthcare solution and service providers. Interested in becoming a sponsor? Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About
  • Payer
  • Provider
  • Pharma & Life Sciences
  • Categories
    • Digital Transformation
    • Telehealth
    • Cybersecurity
    • Patient Experience
    • Clinicians
  • Contact Us