Close

Combatting Cyberattacks: Managing Healthcare IT

avatar
Published on September 30, 2022 by

Andrew Sweeney

Cybersecurity is a growing threat for any sector, but healthcare is becoming a prime target. The UK’s National Cyber Security Center said 1 in 5 cyberattacks were aimed at organizations with links to health during the pandemic. Now a Sophos report ‘The State of Ransomware in Healthcare 2022’ has revealed ransomware attacks almost doubled in 2021, with 66% of the healthcare organizations surveyed being hit during the year, up from 34% in 2020. While 61% of organizations paid ransoms to get encrypted data back, only 65% of data was recovered.

In such a highly regulated sector, organizations risk being fined. Recently Oklahoma State University Center for Health Services paid $875,000 to the federal government to settle a number of alleged violations of HIPAA privacy rules. More worryingly, patient health can also be put at risk. 41% of attacks targeted US companies causing major disruptions that delayed vital treatments and led to a number of civil lawsuits. But no country is immune. Recently an NHS supplier in the UK was targeted affecting software related to patient handling, ambulance dispatch and more and New Zealand saw 404 incidents from 2020-2021.

Why healthcare?

So, why is healthcare such a big target for cyber criminals? One reason is that organizations hold large amounts of highly valuable patient data. Another is that doctors, nurses, and other caregivers are under immense pressure and constantly on the move so errors can easily occur. They may not have the time to check the integrity of emails and could be accessing patient records over unsecured home broadband or public Wi-Fi.

The technology used is another entry point. Some lack funds and rely on a multitude of old interconnected systems. Others are now connecting more IoT devices for new efficiencies, while also creating opportunities for cyber criminals if they aren’t properly secured.

With patient data and welfare at risk, it’s up to IT to identify possible vulnerabilities and take action to protect them before a breach can take place.

Protect and educate healthcare workers

Often access is gained through ‘phishing’ emails. While many end users understand what to look for it’s still important to put in place a program detailing how to spot malicious mails and alerting users to new techniques being used by hackers.

Easily guessed passwords are another way for breaches to occur. Implementing strict password protocols, ensuring they are changed regularly and using single sign on, are standard practices. In such a regulated industry, IT needs to be on top of access permissions and staff changes. Ensuring access to data through a firewall can also mitigate the issues of accessing data over unsecured broadband and WI-Fi.

Consolidate systems and applications to reduce the attack surface

Many companies are undergoing mergers and acquisitions (M&A), for example to gain expertise for telehealth and other innovations – the volume was up 16% in 2021. Any public M&A can catch the attention of hackers. IT needs to be involved early on so they can gain a view of the combined assets and make decisions such as how to consolidate technology, rationalize apps, and secure data from day one.

Digital transformation and a move to the cloud creates complexities

As you virtualize more workloads and the business benefits from increased IoT connectivity, there will be more connected devices and applications and you’re going to have to keep a check on both the public and edge cloud. Leverage cloud management tools to understand what’s being used and make teams aware of the need for IT to be involved in digitalization plans so you can understand what’s being added and what you need to protect.

Updating and patching software and systems

With an increasing number of connected medical and end user devices and applications, IT teams need to stay on top of OS updates and patching, as well as end of support for servers and devices. Cyber criminals work hard to exploit vulnerabilities in software versions and once server or device end of life (EOL) is reached, they are easy targets.

Dedalus Biologie, which sells software solutions for medical analysis laboratories, was fined 1.5 million Euros for a number of data breaches, including failing to comply with GDPR rules during a software migration.

In an ever-more diverse and complex IT environment, it’s going to be vital to automate patch management and build in programs such as Windows servicing, EoL system migrations, and application modernization into ongoing plans.

IT Asset Disposition (ITAD)

For highly regulated industries like healthcare, tracking assets from “cradle to grave” is critical to reducing security risks. When assets are due to be retired you should have a secure ITAD process in place that allows you to clearly identify the next steps. Even when assets have left your hands you must ensure third parties are doing what they said they will to protect data. An IDG report found that 58% of healthcare organizations don’t have a formal ITAD policy in place.

Ways to reduce cybersecurity risks

Ways to mitigate security issues include:

  • Ring-fencing third-party IoT systems, so that if access is gained through them, they can’t take hold of patient data. One recent report showed 55% of healthcare organizations surveyed had suffered a third-party data breach in the last year.
  • Identifying applications that are unsupported but required beyond a server end of life. You can move them to a controlled environment to limit security issues.
  • Putting in place a robust ITAD process that identifies how assets need to be handled when retired and ensures task completion is recorded – included those tasks completed by third parties - for audit and compliance purposes.

To identify and manage vulnerabilities, you need first need a clear view of your entire IT estate. Managed manually, that’s going to take time. Instead, you could consider adopting a digital platform conductor (DPC), which Gartner has recognized in four hype cycles. A DPC automates data aggregation and analysis across the entire IT estate – endpoints, users, applications, and all their interdependencies – defines the rules for change, and uses intelligent automation to implement those changes.

A DPC connects to all your disparate IT and business tools and systems to leverage the data within them, aggregating and normalizing information about your estate. The result is an accurate, real-time endpoint view that you can use to understand where vulnerabilities are and act on this information. Using a DPC you’ll be able to see:

  • where assets are.
  • who is using them.
  • the OS and applications they use and access.
  • which of them are affected by any proposed change.

A DPC serves as a central command and control platform to orchestrate and automate system and human workflows and report back on status.

 

Book a demo with ReadyWorks to understand how a DPC can help you identify and manage vulnerabilities in your healthcare system to keep patient data secure.