Three Steps to Better Cybersecurity
By Greg Freeman
Healthcare organizations that are reactive rather than proactive with cybersecurity are especially vulnerable to ransomware attacks, says Carlos Morales, senior vice president of solutions at Neustar Security Services in Sterling, VA. Staying proactive is about much more than developing and implementing an incident response to comply with HIPAA.
“You need to practice that plan regularly and underpin it with a strong culture of security awareness,” Morales says. “This keeps your defense top of mind for everyone in your organization so that you can ensure a swift and decisive response if there is an incident.”
Even the most well-prepared organization can get hit with ransomware. While every employee cannot be expected to execute a detailed ransomware crisis plan, organizations must at least ensure everyone across the business is trained to recognize a ransomware attack and knows what to do if one occurs.
If the employees operating affected machines or equipment simply do not recognize what is happening, and do not respond fast enough, things can get bad quickly, Morales says. Consequences can go well beyond impact to the business’ bottom line to create potential life-and-death risk to patients.
Morales recommends this three-step plan for improving cybersecurity:
• Continuously educate the workforce. The most common way organizations are breached is through the act of a single individual who opened a corrupted email or clicked a malicious link. Creating and promoting a cybersecurity education program and requiring all staff — even senior executives — to take the courses at least annually creates a strong foundation for success.
“Everyone plays a role here, so all employees must have a firm understanding of cyber hygiene and security best practices to prevent ransomware and other threats. To create a strong, active culture of security awareness, it is important to increase the education regimen — particularly around common threats like phishing — and work to ensure employees are incorporating security hygiene best practices into their day-to-day digital routines,” Morales explains. “This will prevent a lot of the mistakes that lead to breaches.”
• Create and practice an incident response plan. In cybersecurity, creating a response plan is just as important as having the right tools, services, and expertise on staff. It is critical to ensuring the optimal response can be carried out and the proper communications can be sent.
“Cyberattacks can have a broad impact on an organization and require specialized knowledge and expertise to manage. First-line operators won’t always be equipped to manage the attack, so they need to be aware of what resources they can count on to help, and how to contact those resources,” Morales says. “Rather than leave it to the individual to determine what to do in any given situation, it is much more efficient for them to follow an established process for getting help, escalating to leadership, and a template for communicating to the necessary stakeholders, from employees to external partners, patients, and regulators.”
The broad implications of ransomware attacks and other breaches must be carefully managed, Morales says. In the face of a serious attack, a natural reaction is to panic. Implementing a plan may be the difference between paralysis and response. Knowing when to engage general counsel, outside counsel, and a cybersecurity insurance company enables organizations to obtain the necessary advice quickly when dealing with potentially large liability.
Maintaining a contact list for cybersecurity services companies can provide a much faster response to the attack. Knowing who to contact in law enforcement can streamline the cleanup process.
“Regularly practicing the plan ensures that everyone involved understands their role and where the necessary information is kept,” Morales says. “It also helps to improve and expand the plan to encompass the latest threats and best practices to prevent and mitigate them.”
• Make asset management a priority. It is critical for healthcare organizations to maintain a full inventory of all assets that have access to the internal network and, in particular, assets with external network connectivity. Security teams often focus on the systems and services critical to business operations and on the frontline devices used by personnel (e.g., laptops, smartphones, and tablets) while overlooking other assets (e.g., lab systems, test websites, tools, and other specific applications).
“Be sure to catalog these assets, including what OS [operating system] they are running, patching levels, what services run on that system. Take the time to assess what is business-critical for your organization,” Morales says. “Where are assets housed? How are they accessed? Look critically at your infrastructure to ensure that it is secure and redundant, then decide what solutions will work best for you.”
Devices or systems with internal network access can be used as a launch point for an attacker to gain broader access to other internal systems. Asset management should be a foundational part of a security program. Ensure a member of the team is responsible for this and held accountable for ensuring the inventory is up to date.
“The asset management program and inventory status should be regularly reviewed by senior leadership,” Morales says. “This heightened scrutiny will greatly reduce the risk of having rogue internal systems compromise your security posture.”
- Carlos Morales, Senior Vice President of Solutions, Neustar Security Services, Sterling, VA. Phone: (844) 929-0808.
Healthcare organizations that are reactive rather than proactive with cybersecurity are especially vulnerable to ransomware attacks. Staying proactive is about much more than developing and implementing an incident response to comply with HIPAA.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.