With the holidays fast approaching, it’s not unusual to become so distracted by shopping lists and travel plans that you let other things fall onto the back burner for a while. However, your company’s cybersecurity is one aspect that should never be allowed to slip—during the holidays or otherwise. Not only do cyber threats never rest, the holidays are actually prime time for hackers waiting for you to slip up.
A clear and present danger
This is especially the case in the healthcare industry, which, as the fourth largest industry in America, generated 8% of national GDP last year. Needless to say, hackers are extremely interested in obtaining healthcare record information to sell for a hefty profit on the dark web—but despite being a prime target, many companies in the industry aren’t as strict as they should be in terms of implementing strong cybersecurity measures and remaining vigilant. In fact, a 2018 industry security scorecard ranked the healthcare industry at No. 15 out of 17, with the sector performing especially poorly with regard to endpoint security and patching cadences.
Much of the industry’s lack of endpoint security can be attributed to bring-your-own-device practices, while slow patching cadences are a symptom of avoiding process inconvenience. Ransomware also continues to be a recurring cybersecurity threat. There’s a lot to worry about, but the news isn’t all bad: By practicing sustained, uninterrupted vigilance, these threats and others can be significantly reduced. Let’s take a closer look at the common cybersecurity issues that every healthcare enterprise should take into account.
Lackluster endpoint security
The term “endpoint security” specifically refers to procedures put in place to ensure a network remains secure when remote devices like personal laptops and smartphones are being used. Although bring-your-own-device (BYOD) practices are fairly common in the healthcare industry—after all, companies typically prefer to avoid having to provide technology for their employees, while workers like to use devices with which they’re comfortable—BYOD isn’t always the smartest way to go in terms of cybersecurity as there are so many endpoints to manage.
With this in mind, consider incorporating the following suggestions to keep your corporate network secure when using personal devices:
- Keep your operating system/applications updated.
- Perform timely endpoint scans.
- Disable ports that are not needed.
- Use multifactor authentication.
Maintaining a patching cadence, the practice of identifying and addressing critical vulnerabilities in a system, can be a powerful weapon against cyberthreats. That said, timely patching can sometimes slip through the cracks due to the inconvenience associated with coordinating downtimes and checking functionality post-update. Ironically, there’s a certain amount of risk associated with this security-enhancing process (namely, losing business and potentially being unable to provide effective customer service during downtime), yet patching remains a vital task regardless. Here are some ways to help your IT department keep up with patching demands:
- Develop and maintain an up-to-date inventory of all systems.
- Devise a plan for standardizing production systems to use the same version of OS and other application software.
- Keep a list of active security controls (routers, firewalls, etc.), as well as their configurations.
- Compare reported vulnerabilities against your own inventory/control list.
- Ask what else you can do to assess and reduce the risk of an attack in your environment.
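The inventory, standardization and comparison steps above can be automated. The following is an added example, not part of the original article: the hostnames, product names, versions and advisory IDs are constructed placeholders, and the "affected below `fixed_in`" rule is an assumption about how your vulnerability feed expresses affected versions.

```python
from collections import Counter, defaultdict

# Constructed sample inventory (hosts, products and versions are made up).
INVENTORY = [
    {"host": "ehr-app-01", "product": "exampleos", "version": "10.4.2"},
    {"host": "ehr-app-02", "product": "exampleos", "version": "10.4.2"},
    {"host": "lab-ws-07", "product": "exampleos", "version": "10.2.0"},
    {"host": "ehr-app-01", "product": "exampledb", "version": "5.7.1"},
    {"host": "fw-edge-01", "product": "examplefw", "version": "3.1.0"},
]

# Constructed advisories (placeholder IDs): affected if installed < fixed_in.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "product": "exampleos", "fixed_in": "10.4.0"},
    {"id": "ADVISORY-PLACEHOLDER-2", "product": "exampledb", "fixed_in": "5.7.3"},
    {"id": "ADVISORY-PLACEHOLDER-3", "product": "examplemail", "fixed_in": "2.0.0"},
]

def parse_version(text):
    """Turn '10.4.2' into (10, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def version_drift(inventory):
    """Return {product: [hosts not on the most common version]} (standardization gaps)."""
    by_product = defaultdict(list)
    for item in inventory:
        by_product[item["product"]].append(item)
    drift = {}
    for product, items in by_product.items():
        baseline, _ = Counter(i["version"] for i in items).most_common(1)[0]
        off = sorted(i["host"] for i in items if i["version"] != baseline)
        if off:
            drift[product] = off
    return drift

def affected_hosts(inventory, advisories):
    """Return sorted (advisory id, host, installed version) for every unpatched match."""
    findings = []
    for adv in advisories:
        fixed = parse_version(adv["fixed_in"])
        for item in inventory:
            if item["product"] == adv["product"] and parse_version(item["version"]) < fixed:
                findings.append((adv["id"], item["host"], item["version"]))
    return sorted(findings)

if __name__ == "__main__":
    print("Version drift:", version_drift(INVENTORY))
    print("Needs patch:", affected_hosts(INVENTORY, ADVISORIES))
```

An advisory that matches nothing in the inventory (the third one here) produces no finding, which is only trustworthy if the inventory itself is complete and current.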
Cybercriminals no longer need to jump through the hoops associated with directly hacking into hospital computers to get what they want. Instead, they deploy ransomware, a type of malware that locks users out of their own files so that the attackers can demand money in exchange for unlocking them. In the healthcare sector, ransomware has reportedly accounted for 85% of malware attacks over the last year, contributing to $3.7 million in losses.
Needless to say, healthcare providers are eager to ameliorate this threat as swiftly and comprehensively as possible. The healthcare industry now makes cybersecurity education part of ongoing training, and HIPAA guidelines have been updated to address ransomware attacks. However, numerous instances of ransomware attacks continue to crop up in the industry, as it only takes one security slip-up for a cybercriminal to access private files, compromise integrity and cause financial loss. Make sure you’re not the one who slips up by following these procedures:
- Make sure your systems are up to date.
- Back up files to the cloud.
- Be wary of clicking on suspicious emails or links.
- Use a reputable security suite.
- Deploy system restore when necessary to get back to a clean slate.
Following the suggestions detailed above can help you prevent cyberattacks and ensure a stress-free and joyful holiday for yourself and your company!