Jan 20 2023

How Health Systems Can Build Up Their Security Teams

Healthcare organizations can shore up their cyberdefenses with managed detection and response services.

Malicious cyber actors did not slow their siege on the healthcare industry in the final month of 2022. Federal agencies warned organizations about new ransomware strains and other cyberthreats. Still, news of compromised sensitive patient information emerged just days before the new year, and cyberattacks aren’t showings signs of easing in 2023.  

Thirty-eight percent of security leaders across industries cited an increase in cyber insurance costs as the top negative impact of a cyberattack, and 36 percent cited damage to their organization’s brand or reputation, according to a December 2022 Imprivata report. Thirty-two percent of healthcare security leaders said they had to divert patients to other providers after cyberattacks.

It's clear that healthcare’s cybersecurity outlook is in critical condition, especially in the face of slim operating margins and staffing shortages in clinical and IT departments. But organizations don’t have to improve their security strategies alone. A key partnership in managed detection and response (MDR) can help alleviate concerns in a daunting environment. 

Click the banner for access to exclusive HealthTech content and a customized experience.

MDR Services Provide Security Support to Healthcare Organizations

Round-the-clock security monitoring is a must-have for healthcare organizations today, no matter the size. Cyberthreats do not keep to a 9-to-5 schedule, especially as nation-state adversaries continue to target critical infrastructure, including healthcare.

Some small and midsized organizations may not have the in-house staffing, resources or expertise required to maintain 24/7 monitoring. That’s where MDR services can make a difference.

For Jackson Parish Hospital, a 25-bed hospital in northern Louisiana, Arctic Wolf’s MDR service supports the protection of the critical-access medical facility’s rapidly growing endpoints.

“For a hospital in our situation, the managed security model becomes a necessity. IT security must be working all the time,” COO and CIO Jason Thomas told HealthTech last year. “I can’t recruit the number of security specialists I would need to cover my needs, and I couldn’t afford to pay them if I could.”

DISCOVER: Five common security monitoring mistakes and how a partner can help.

Freeing Up Health IT Teams With MDR Services

Larger healthcare organizations with sufficiently staffed in-house security teams can turn to an MDR service to free up their people and resources to focus on other programs, such as IT innovation and modernization efforts, according to a CDW white paper.

In central California, for instance, Monterey-based Montage Health turned to the CrowdStrike Falcon MDR service to help ease the in-house IT staff’s security burden of monitoring the organization’s vast ecosystem, which includes a community hospital, provider network, urgent care centers and more.

“There are a lot of different devices and a lot of different workflows that we want to make sure are end-to-end secure,” says Stacy Estrada, the health system’s information security manager. “It’s very complex, and when we can break out a piece like MDR for endpoint security, it frees us up to focus on the bigger picture of business needs.”

After adopting the service, Estrada shared how it would impact staff roles.

“Letting them see how they’d be refocusing and learning more things after we partnered with the service was essential,” she says. “We wanted them to know that our aim was to grow them as a team. Using the MDR service opens opportunities for them as a security team. There are a lot of exciting things going on with our program because we can bring in managed solutions.”

Using MDR Services Can Support Patient Care Efforts

Cybersecurity remains a top area of concern for healthcare in 2023.  

To help organizations prioritize and track security implementations, the Cybersecurity and Infrastructure Security Agency (CISA) revealed its list of voluntary security performance goals for critical sectors and a checklist in the fall. “By implementing these goals, owners and operators will not only reduce risks to critical infrastructure operations, but also to the American people,” notes CISA on its website.

Ultimately, that’s what a holistic security program should support: better patient care. And when organizations find the right partners to build up their security teams with MDR services, they’re better positioned to provide improved care to the communities that rely on them.

UP NEXT: Four steps for healthcare security leaders to sleep better at night.

gorodenkoff/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT