By all measures, the healthcare industry is the largest and most complex industry in the United States. It holds vast amounts of personal and confidential data about its patients, but it is ill-equipped to protect that data. Although it’s not yet at a crisis level, cybersecurity in healthcare is in serious need of both preventative and remedial medicine.
The healthcare industry will need to keep cybersecurity at the forefront of all technological and patient service improvements that it implements across every part of the national network. In the near term, hospitals and other entities in the industry can enact five strategies to curtail their burgeoning cybersecurity problems.
Transition cybersecurity from the information technology department into an enterprise-wide consideration
Cybersecurity strategies should begin in the healthcare boardroom and then permeate through every function under the board’s management and control. Medical records and patient information have high value on the hackers’ black market. If an organization’s directors fail to demonstrate a dedication to data protection and cybersecurity, then so will their staff.
Management needs to impress upon everyone that employees at all levels are responsible for good data protection practices.
Audit all medical devices for cybersecurity flaws and take corrective measures to address those flaws
Internet-connected medical devices, including diagnostic scanners and patient monitors, frequently operate with embedded firmware that is rarely updated. Much of that firmware has known cybersecurity flaws that hackers can use to gain a deeper foothold in a medical center’s data networks. All medical devices should be updated to include the most current firmware and software, and a regular program of updating those devices should be implemented to foreclose future cybersecurity problems.
Prepare an effective response to ransomware attacks
Hospitals and medical centers are uniquely susceptible to ransomware attacks that freeze critical data systems, which can then prevent physicians from offering vital services to patients. The temptation to pay a ransom in these circumstances is very high.
Hospitals may not be able to prevent all ransomware disasters, but they can implement a few strategies to manage an attack more effectively. These include developing good backup systems and strategies, maintaining a clear schematic picture of the devices and workstations that are connected to a network, and appointing an individual or a team who can take charge of responding to a ransomware attack as soon as it is detected.
Allocate sufficient resources for cybersecurity
Healthcare facilities should adopt a realistic budget for cybersecurity services, including competitive salaries for healthcare cybersecurity directors, resources for regular training and education of all employees, and funding for a response to a cyberattack if and when it happens.
Healthcare cybersecurity insurance can protect a hospital against catastrophic losses and third-party liabilities that often flow from a significant cyberattack. The cost of that insurance is well-justified in an industry that maintains such large volumes of consumer personal and financial information.
Review the adequacy of existing firewalls and cyber defenses
Firewalls and other cyber defenses in healthcare facilities might have been installed at an earlier date, with little attention being paid to updates and ongoing maintenance. Hackers look for older systems, like those in many hospitals, that have known security flaws that have never been patched. An outdated cyber defense system is an accident waiting to happen.
Hospitals and other medical care centers should direct their information technology departments to analyze their existing cyber defense technology and then update that technology to bring it in line with current cybersecurity strategies.