How Security Partners Can Work with Healthcare IT Teams to Fight Ransomware

Healthcare IT environments are highly complex and are made even more complicated by the continued use of older technology. In some cases, healthcare organizations are five or even 10 years behind other industries in terms of tech. This can make cybersecurity a challenge for many organizations.

As cyberattacks grow more sophisticated and healthcare IT environments continue to expand beyond the hospital’s four walls, it’s vital that organizations’ security strategies evolve to protect clinicians from threats no matter where they’re working.

While cybersecurity can seem daunting to some healthcare leaders, they don’t need to tackle the issue alone. A security partner can augment and work with the organization’s internal security team to bolster cybersecurity initiatives and protect patients from malicious actors.

Click the banner to get the expertise you need to strengthen your ransomware protection.

Tips on How to Improve Healthcare's Cybersecurity Posture

One tactic health IT leaders can take to improve their security posture is to establish a budget with their organizations’ leadership teams. That should include a year-over-year increase for not only the existing IT but for future technology as well.

Often, the budget for security is focused on addressing an event, but it must be baked in as an important part of the budget. Doing so will help healthcare organizations rise into the world of enterprise business.

After setting the budget, IT leaders must ensure that they have buy-in from peer organizations and that they can exchange information. While it may seem basic, it’s necessary to create a robust cybersecurity strategy, especially as clinicians and healthcare staff may access the network from anywhere.

Once the budget is established, IT leadership can start to examine existing security solutions. You need competent and resilient infrastructure to mitigate ransomware attacks, including voice and data, so that all devices and all people can communicate at all times.

Healthcare organizations should avoid having silos where only a few people in operations understand how a hospital network is designed, which elements are interconnected between clinics or other locations, and how communication paths are set up between the hospital and local emergency management. There must be awareness and visibility of those networks across teams to support cybersecurity effectively.

A modern operating system can also make a major impact on security. Updating to a newer OS with more effective security controls helps health IT teams focus on endpoint management. All of these elements come together to build the foundations of a strong cybersecurity strategy.

Cybersecurity Gets Better When It's Everyone's Responsibility

There’s a statistic that holds true across industries: more than 80 percent of breaches are unintentional, meaning that people cause them accidentally. No matter what controls are in place, the human factor is what really poses most of the risk. Therefore, education across the organization is crucial.

There are a few things that healthcare IT and security teams must ensure that all people in the organization are aware of so they can do their part to prevent an attack. Making sure they understand cybersecurity best practices comes down to conducting annual training and attestation.

The foundations of a strong security culture must be embedded in an organization’s policies, taxonomy, standards, procedures and guidelines to create a complete ecosystem of awareness. Employees must be able to identify what an authoritative source of information from the hospital system looks like and when bad actors are mimicking the hospital using phishing. The organization’s security strategy must be holistic.

A Strong Security Partner Can Help with Ransomware Prevention and Recovery

Legacy technologies are a major vulnerability and target for cyberattacks in healthcare organizations. However, those technologies are still important to many organizations’ IT infrastructures. It’s important to find a cybersecurity partner that understands those systems and how they’re maintained.

At CDW, when we help an organization, we listen to the customer to identify top goals. We then either suggest cybersecurity strategies or, if they are in good shape from a strategic perspective, we look at a five-year strategy and focus on the clinical operations, administrative and technology wings of the organization. We work with the organization to make sure the security solutions and strategies used don’t interrupt continuity of care, impact clinical workflows, or create hurdles for operations and administration.

CDW can also deploy our service offerings to bolster an organization’s security posture, whether that means a security assessment for emerging data sources or application rationalization to help save money. We can also help with third-party risk management as part of a merger, acquisition or even divestiture, which would mean building up the service catalog and management capabilities of the organization. These are some of the key offerings that play into everyday budget cycles.

When we start working with an organization, we sometimes already have an existing relationship from partnering on infrastructure or other technology implementations. Regardless, we always sit down with the security organization, from leadership down to the directors and the line managers, to discuss their product requirements as well as where they might have skills gaps or resource deficits. They may just need augmentation to close those gaps. In that case, we can plug into their existing initiatives. 

We also do briefings to talk about current capabilities, the future desired state and budget to make sure that we’re not suggesting unrealistic ideas. As a security partner, it’s also important to foster good communication through workshops and other engagements. This also allows us to do baselines in the environment and then build out the entire ecosystem to further optimize the IT environment for the future of care.

One of the things healthcare organizations should consider is the beginning and end of a security partnership. CDW has established a strategist role so that we’re not just providing an introduction, we’re maintaining a relationship. We know that there will always be changes in the environment that need extra focus.

We consider the foundations of care, optimization of care and the future of care and work to support those pillars through our partnerships. In addition, we work with experts from relevant industries such as finance, retail, manufacturing, distribution and logistics so we can help healthcare organizations achieve their security goals.

This article is part of HealthTech’s MonITor blog series.