Many ransomware groups have promised not to target healthcare providers during the pandemic, but a resurgence of these attacks is likely. Hospitals need to be prepared and ensure their data is protected to avoid delays in patient care and costly repercussions.
During a July 21 webinar hosted by Becker’s Hospital Review and sponsored by Hewlett Packard Enterprise, a cybersecurity expert shared key strategies to ensure data security for healthcare providers.
The webinar’s speaker was James Morrison, a cyber security technologist at Hewlett Packard Enterprise and former FBI computer scientist.
To be prepared in case of a cyberattack, hospitals should focus on five key strategies, according Mr. Morrison. They are:
- Separate security from IT. Hospitals need to establish sound programs that focus entirely on cybersecurity, and those programs need strong leaders. “When a company takes cybersecurity seriously, they have a person whose entire job is cybersecurity,” Mr. Morrison said.
- Invest in cyber insurance. Hospitals should consider leveraging cyber insurance to save money in case of an attack. Having cyber insurance can reduce the cost of a cyber breach by 1.5 million dollars, according to Mr. Morrison.
- Know how and where your data is stored. Knowing that your data is in the cloud or a certain database is not enough. HIPAA requires hospitals to manage their data securely, meaning they know exactly where it is stored and how it is protected. Not having these answers means vulnerabilities could go unnoticed.
- Phishing must be a part of testing. It may not matter what internal security a hospital has if a hacker can socially engineer a way to phish. With remote work on the rise, more organizations are vulnerable to phishing attacks. Hospitals need to ensure their security products protect remote employees against phishing attacks. Home users accessing VPNs can sometimes provide a tunnel for hackers to get into a hospital’s private network.
- Use the 3-2-1 backup rule. Hospitals should ensure they have at least three copies of their data, two different media and one copy off-site. As more and more companies start to require 100 percent data availability, it is important for hospitals to test their backups and be certain that they will work if they are needed.
© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.