Combatting Cyberattacks: Managing Healthcare IT

All Posts

Combatting Cyberattacks: Managing Healthcare IT

Cybersecurity is a growing threat for any sector, but healthcare is becoming a prime target. The UK’s National Cyber Security Center said 1 in 5 cyberattacks were aimed at organizations with links to health during the pandemic. Now a Sophos report ‘The State of Ransomware in Healthcare 2022’ has revealed ransomware attacks almost doubled in 2021, with 66% of the healthcare organizations surveyed being hit during the year, up from 34% in 2020. While 61% of organizations paid ransoms to get encrypted data back, only 65% of data was recovered.

In such a highly regulated sector, organizations risk being fined. Recently Oklahoma State University Center for Health Services paid $875,000 to the federal government to settle a number of alleged violations of HIPAA privacy rules. More worryingly, patient health can also be put at risk. 41% of attacks targeted US companies causing major disruptions that delayed vital treatments and led to a number of civil lawsuits. But no country is immune. Recently an NHS supplier in the UK was targeted affecting software related to patient handling, ambulance dispatch and more and New Zealand saw 404 incidents from 2020-2021.

Why healthcare?

So, why is healthcare such a big target for cyber criminals? One reason is that organizations hold large amounts of highly valuable patient data. Another is that doctors, nurses, and other caregivers are under immense pressure and constantly on the move so errors can easily occur. They may not have the time to check the integrity of emails and could be accessing patient records over unsecured home broadband or public Wi-Fi.

The technology used is another entry point. Some lack funds and rely on a multitude of old interconnected systems. Others are connecting more IoT devices, creating opportunities for cyber criminals if these devices aren’t properly secured.

With patient data and welfare at risk, it’s up to IT to identify possible vulnerabilities and take action to protect them before a breach can take place.

Ways to reduce cybersecurity risks

Educate healthcare workers

Often access is gained through ‘phishing’ emails. While many end users understand what to look for it’s still important to put in place a program detailing how to spot malicious mails and alerting users to new techniques being used by hackers.

Easily guessed passwords are another way for breaches to occur. Implementing strict password protocols, ensuring they are changed regularly and using single sign on, are standard practices.  IT needs to be on top of access permissions and staff changes. Ensuring access to data through a firewall can also mitigate the issues of accessing data over unsecured broadband and WI-Fi.

Consolidate systems and applications to reduce the attack surface

Many companies are undergoing mergers and acquisitions (M&A), for example to gain expertise for telehealth and other innovations – the volume was up 16% in 2021. Any public M&A can catch the attention of hackers. IT needs to be involved early on so they can gain a view of the combined assets and make decisions such as how to consolidate technology, rationalize apps, and secure data from day one.

Maintain a comprehensive view of connected devices and applications

As you virtualize more workloads and the business benefits from increased IoT connectivity, there will be more connected devices and applications. Leverage cloud management tools to understand what’s being used and make teams aware of the need for IT to be involved in digitalization plans so you can understand what’s being added and what you need to protect.

With a clear view of your estate and all dependencies, you can ring-fence third-party IoT systems, so that if access is gained through them, they can’t take hold of patient data. One recent report showed 55% of healthcare organizations surveyed had suffered a third-party data breach in the last year. 

Update and patch software and systems

With an increasing number of connected medical and end user devices and applications, IT teams need to stay on top of OS updates and patches. They also need to migrate systems that have reached end of support such as Windows Server 2012 or 2012 R2. Cyber criminals work hard to exploit vulnerabilities in software versions and once server or device end of life (EOL) is reached, they are easy targets.

Dedalus Biologie, which sells software solutions for medical analysis laboratories, was fined 1.5 million Euros for a number of data breaches, including failing to comply with GDPR rules during a software migration.

In an ever-more diverse and complex IT environment, it’s going to be vital to automate patch management and build in programs such as Windows servicing, EoL system migrations, and application modernization into ongoing plans.

Implement a secure IT asset disposition (ITAD) process

For highly regulated industries like healthcare, tracking assets from “cradle to grave” is critical to reducing security risks. When assets are due to be retired you should have a secure ITAD process in place that allows you to clearly identify how they must be handled and ensures task completion is recorded. This includes those tasks completed by third parties. Even when assets have left your hands, third parties must follow this process for audit and compliance purposes and  to protect data. An IDG report found that 58% of healthcare organizations don’t have a formal ITAD policy in place.


To identify and manage vulnerabilities, you first need a clear view of your entire IT estate. Managed manually, that’s going to take too much time. Instead, consider adopting a digital platform conductor (DPC), recognized by Gartner in four hype cycles. A DPC automates data aggregation and analysis across the entire IT estate – endpoints, users, applications, and all their interdependencies – defines the rules for change, and uses intelligent automation to implement those changes.

A DPC connects to all your disparate IT and business tools and systems to leverage the data within them. The result is an accurate, real-time endpoint view that you can use to understand where vulnerabilities are and act accordingly. Using a DPC you’ll be able to see:

  • where assets are.
  • who is using them.
  • the OS and applications they access.

A DPC then orchestrates and automates system and human workflows and report back on status.

Book a demo with ReadyWorks to understand how a DPC can help you identify and manage security vulnerabilities across your IT estate.

Related Posts

The Cost of Dark Data

The amount of data we are producing is rising at a dramatic rate. Statista predicts that b...

The Cybersecurity Risks caused by Human Error and How to Avoid Them

Through its research on the Psychology of Human Error, Stamford University released a repo...

How to Stay Off the Cyber Security Data Breach Naughty List

As the number of cyberattacks continues to rise across the globe, many are warning that th...