A Full Cybersecurity Toolbox for Healthcare
When healthcare services were almost exclusively provided on-premises, IT could focus on securing the perimeter with tools such as firewalls and intrusion monitoring, says Frank Dickson, program vice president at IDC. That task has been complicated by network-connected medical equipment and the widespread use of personal mobile devices.
The COVID-19 pandemic also forced a number of workers offsite and spurred the accelerated adoption of virtual care, breaking down hardened perimeter defenses.
“As people, data and apps move off-premises, protecting the perimeter isn’t enough,” Dickson says. “What tools should healthcare organizations use to defend their assets? All of them.”
Cybersecurity most effectively focuses on four control points, Dickson says. The endpoints of the network require a variety of responses; protecting a nursing station computer is different from defending a simple network-attached sensor.
Identity management, usually in the form of least-privilege access policies and multifactor authentication, controls who is on the network. From there, organizations need to add the strata of tools to safeguard applications and data, Dickson says.
To fend off or mitigate ransomware and other cyberattacks, an organization must identify critical and vulnerable assets, Dickson says. IT teams should then deploy technologies and processes to protect those assets, such as intrusion detection tools.
Finally, a response plan to defuse the threat should flow into a recovery plan to restore data and systems.
“Some people think that having good backup keeps you safe, but you need a whole plan that you’re ready to execute quickly,” Dickson says. “When malware interrupts any business, it loses money, but in healthcare, people can lose their lives.”
Security Alerts at the Ready
Round-the-clock attention to emerging threats and the technologies that can block them are the foundation of effective cybersecurity, Booth says. “Complacency is the biggest enemy. You always have to think about what’s next,” he adds.
To get the clearest picture of threats on the horizon and how to deal with them, it’s important to hire trained and experienced security professionals, Booth says. In the current threat environment, “you need people on your team with specific security expertise.”
As its frontline weapon against ransomware, BVCHD relies on Sophos Intercept X, which detects ransomware and other malware attacks and isolates the contaminated messages from the healthcare organization’s network.
BVCHD tackles the special problems presented by network-attached medical equipment with Palo Alto Networks IoT Security. The technology identifies, profiles and continuously monitors traffic on network devices, detects anomalies and sequesters affected equipment from the network.
The last bastion of defense from a cyberattack is backup, Booth says. Backups should be frequent and encrypted, and backup systems should be air-gapped from the main network, he adds.
“Many organizations design their backup systems so they can be easily accessed, but that’s a huge mistake,” Booth says. “Recovery speed is important, but if achieving that means you make it possible for the backup also to be breached, you have a catastrophe instead of a recovery.”