Apr 12 2021

Why Healthcare Systems Need to Learn 2020’s Cybersecurity Lessons Now

Last year offered big lessons in cybersecurity that healthcare systems should learn from now.

There are a lot of cybersecurity lessons to learn from 2020. It’s important that organizations take those lessons to heart now so they don’t have to play catch-up on any potential threats. 

The number of reported common vulnerabilities and exposures increased from 2015 to 2020, according to a 2021 report from Tenable Research. More than 18,000 CVEs were reported last year, a 6 percent increase from 2019.

And when it comes to data breaches, the healthcare sector accounted for the largest share of analyzed breaches in 2020, with ransomware flagged as a major problem.

“We need to optimize our defenses based on real-world attacks and threats, and prepare our teams in terms of communications, playbooks and documentation,” said security consultant Gal Shpantzer during an incident response team webinar offered by Dark Reading and Immersive Labs.

The COVID-19 pandemic spurred a massive shift to remote work for many organizations, which meant the use of virtual private networks, Remote Desktop Protocol and new tools for videoconferencing and collaboration. And though the shift has led to more capabilities for remote work, it also has opened the door to increasing cyberthreats.

LEARN MORE: Tips on how to build an effective cybersecurity incident response program.

Tenable found that over 46 percent of the breaches in the healthcare sector were caused by ransomware attacks, so it’s imperative that organizations shore up their cyber incident response teams. When strengthening those teams, organizations should work to improve communication protocols and implement threat detection practices.

More than 700 breach events from January to October 2020 resulted in over 22 billion records exposed, according to Tenable. Organizations need to take a deeper look at the cybersecurity lessons from last year and prepare their IT teams and responses now.

“Study those situations, work with people and develop workstreams to build a response,” Shpantzer said.