Dec 14 2020

Improve Healthcare Security with These 5 Steps

The pandemic has turned up the heat on cybersecurity, and hospitals must make comprehensive plans to address new threats.

The COVID-19 pandemic has put serious pressure on healthcare IT teams — with challenges that include supporting work-from-home staffers, coping with limited resources and budgets and handling a flood of new clinical data. 

As organizations address these changes, they must make security a top priority.

An abrupt shift to remote work has led to massive migrations of workloads to the cloud. The speed of this move sometimes resulted in mistakes, which created unexpected vulnerabilities. Further exacerbating the situation is that cybercriminals have taken advantage of the situation by increasing the volume and sophistication of their attacks.

A comprehensive and agile security plan can meet these threats head-on. Healthcare organizations that adopt an approach of security by design will reduce mistakes and improve the effectiveness of their defenses. 

Be sure to incorporate these technology solutions to protect key elements of your IT operations: 

1. Email Security Measures to Limit Unwarranted Access

Email security is always a challenge for healthcare organizations. Targets such as patient information and prescription data are very valuable, making them attractive to cybercriminals. Email security solutions that offer capabilities such as URL protection and attachment analysis are essential to protect against cyberattacks.

Multifactor authentication is also an important tool to protect email systems. As MFA has evolved, vendors have developed features such as context-sensitive systems that can apply different levels of security depending on factors like where a user is making a request. For example, a doctor looking to access patient data from outside a hospital may be required to log in with multiple methods of authentication, whereas access from inside the hospital may require only one method.

MORE ON SECURITY: Check out HealthTech’s security page for the latest in cybersecurity intelligence and insights.

2. Endpoint Security to Protect Mobile Devices

Many healthcare providers have shifted to mobile, remote workforces. With this change, enterprise devices are giving way to BYOD policies. Staff-owned devices likely do not have the same protections as hardware distributed and managed by a hospital’s IT staff. Healthcare organizations must be able to secure these devices through endpoint security solutions. 

For BYOD situations, web security solutions can further protect data. Many healthcare organizations now use cloud-based web security tools, which can secure applications regardless of where a device is or what kind of device it is. 

3. Zero-Trust Framework for Verifying Data Access and Privilege

Many healthcare systems that haven’t built a security framework that includes zero-trust architecture are struggling in the current environment. In a zero-trust architecture, users must prove their identities to access specific data resources. 

Attackers are looking for credentials that give them access to peer-to-peer server traffic. Zero trust doesn’t provide this level of trust between servers. This approach takes user error out of the equation and reduces the ability of threats such as ransomware to move from one server to another.

4. Cybersecurity Training for All Healthcare Employees

Most successful cyberattacks use email-based approaches on users to gain a foothold. Security awareness training must evolve to deal with the new landscape. 

Users — especially nurses and doctors who haven’t traditionally worked from home — must secure their data whether working remotely or in a hospital. To do this, they need to learn security tactics to protect personal devices and networks at home. Security must move beyond the traditional network perimeter and into the user’s space. 

5. Disaster Recovery Solutions to Rebound from the Unexpected

Two years ago, most IT professionals didn’t consider business continuity part of security, but that thinking has changed. Ransomware has made continuity a critical part of security. 

Healthcare organizations need a disaster recovery and business continuity plan in place as a security best practice, and they need to have incident response plans in place to protect multitenant resources. 

I frequently remind healthcare organizations that preparation is essential. If you don’t have a plan in place, you’re going to fail. For healthcare organizations, losing the ability to care for patients could mean the difference between life and death. 

This article is part of HealthTech’s MonITor blog series. Please join the discussion on Twitter by using #WellnessIT.


monstArrr_/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT