Oct 24 2022

5 Common Security Monitoring Mistakes in Healthcare

Healthcare organizations don’t need to address these issues on their own. Here’s how a partner can help strengthen their strategies.

October may be Cybersecurity Awareness Month, but healthcare organizations need to stay attentive using a follow-the-sun method, especially as they grapple with ransomware attacks and data breaches.

The five most common mistakes I’ve seen health systems make when it comes to security monitoring are:

  1. Monitoring security in a silo
  2. Ineffective security tools that don’t lead to meaningful, actionable insight
  3. Failing to test and validate whether a solution fits into an ecosystem
  4. No effective written security policy
  5. Lackluster internal communication

Healthcare organizations don’t need to face daunting cybersecurity challenges alone. They can take steps toward a less reactive, more proactive approach through fostering growth in team members and bringing on a much-needed partner where it counts the most.

1. Security Monitoring in a Silo

Siloed security monitoring is one of the biggest mistakes a healthcare organization can make. A lack of collaboration across departments will only prolong unexpected downtime.

It’s not uncommon to see this mistake happen across all industries. Organizations often focus so much on the act of monitoring that they don’t create any meaningful action from it, and it doesn’t reach the necessary stakeholders for better coordination and collaboration. Healthcare organizations with this approach will miss the bigger picture.

2. Over-Reliance on Technology Without Action

Having best-in-class cybersecurity tools does not mean an organization can automatically glean meaningful, actionable information from them. Ultimately, the tools themselves won’t create a strong security culture, so break the habit of relying solely on technology.

3. Lack of Testing and Validation

Even if an executive or third party pushes for one solution, don’t quickly adopt it without testing and validating whether it will work in the organization’s environment. Take the time to perform simple tests or a proof of concept to see if the solution fits. The validated solution should be interoperable and work with current applications.

4. Lack of Effective Written Policy

Organizations need a holistic policy in place to respond to events effectively and consistently, regardless of time or date. If there’s no written policy, there will be gaps in the continuity of resources and the response will be uncoordinated and ineffective. Even when relying on a third-party monitoring service, organizations need to ensure formalized collaboration between an internal team and the partner.

5. Lack of Internal Communication

Healthcare organizations need to define and assign responsibilities before unexpected downtime occurs, and those roles need to be validated regularly through tabletop exercises. That way, when Humpty Dumpty falls off the wall, everything has a written process to jump-start the recovery.

Overall, addressing these five mistakes will help healthcare organizations avoid a knee-jerk reaction to security events, and instead provide a more comprehensive, calculated response that will help them avoid that critical 48 hours of downtime.

Healthcare stands apart from finance, education, retail and manufacturing because of the COAT principle: clinical, operation, administration and technology. If you take away the clinical aspect — the doctor’s COAT, if you will — then healthcare is like any other industry. Because of that crucial clinical aspect, however, we need to make sure organizations can continue running without a hitch.

Finding the Right Partner for Managed Detection and Response

Many hospitals now have hundreds of thousands of endpoints, especially as perimeters extend beyond hospital walls. These endpoints need security controls so they can be isolated and contained should anything happen.

Bringing in a partner can offer more support to a lean healthcare IT staff, especially during a critical event, when people are going to be overextended. When CDW Healthcare looks for a solid managed detection and response (MDR) partner for healthcare clients, our criteria focus on:

  • Low-impact technology that’s not going to hinder clinical performance
  • A distributed protective state that covers the organization regardless of location
  • Established runbooks and playbooks so an organization doesn’t have to build them from scratch
  • Round-the-clock monitoring capabilities with a partner that can watch the dashboard, recognize indicators of exposure, and begin researching the problem instead of sitting on the information

An MDR solution is vastly different from endpoint detection and response. MDR is an important solution for resource-constrained organizations to access. Whereas EDR sifts through the noise to recognize vulnerabilities, MDR takes advantage of an additional layer of human capacity to get the ball rolling against potential threats. By the time the client has been notified of the problem, an MDR partner has already begun information gathering and problem validation, and is preparing a cohesive problem statement and a recommendation for response or recovery.

This MDR-EDR combination can provide security innovation within the healthcare industry that not only will keep the data flowing and the lights on, but more crucially will keep the heart monitors working and the IVs dripping. Continuity of care is the crucial element in the lifecycle of a hospital.

A Stronger Team at the Center

Security is not just crossing off items on a list. It’s not an afterthought after an event has occurred. Being compliant is not the same as having a well-formed and mature security program that’s cohesive with the entire tech stack of a clinical environment. Often, security is simplified into technology solutions that help organizations monitor and respond. Technology is important, but people are the true core of a strong security strategy.

When it comes to the rollout of new technology or processes in a healthcare setting, it is crucial for organizations to undergo a culture shift to ensure adoption is seen as a reward rather than a penalty. Continuity of care is the most important facet in the lifecycle of a hospital; therefore, securing the technology that allows the business of healthcare to occur should be the most important technology an organization invests in.

People and technology work in conjunction with one another, so it’s critical to create an integrated environment in which employees feel supported and heard and do not bypass or avoid security processes. The latest technology does nothing if security protocols are bypassed or ignored.

Other industries such as finance and retail have the resources and teams to scale their responses, but healthcare has a long way to go amid tight budgets and staffing shortages, even though lives depend on functional, available healthcare. Relying on a partner for managed detection and response is a step in the right direction.

This article is part of HealthTech’s MonITor blog series. Please join the discussion on Twitter by using #WellnessIT.

