With today’s growing concerns surrounding healthcare cybersecurity, organizations must be well-equipped with the latest processes and technological tools to defend against their vulnerabilities and protect sensitive patient data from cyber-thieves. Not only must modern-day healthcare providers secure a growing number of connected medical devices, but cyber-criminals also continue to develop highly sophisticated tools for attacking organizations to gain access to data and networks.

For various reasons, the healthcare industry has struggled to keep up with other industries when it comes to cybersecurity, but with increasing cybersecurity budgets, cutting-edge technology, and enhanced security efforts, the future is brighter. In fact, 2017 was a good year in comparison to previous years for healthcare data breaches, as the number of healthcare records compromised was significantly down. These numbers only affirm that new technologies are a must for an organization’s cybersecurity efforts.

Here are five key areas in which up-to-date technology is essential for healthcare cybersecurity:

Risk Assessments

Gone are the days of using spreadsheets for risk assessments. Spreadsheets are time-consuming and inefficient, especially if engaging multiple people in the process. Spreadsheets are also not the most secure means of managing risk, especially if they are being passed around a non-secure system, which allows hackers to easily intercept the document(s). By performing and managing risk assessments through an automated web-based tool like BALLAST, organizations can assign and track remediation efforts, easily pull reports, and quickly and efficiently share the risk assessment with one-click compliance reporting.

Employee Training

Training is a core procedure at almost every company. From job training to safety and emergency training, most companies invest in ongoing education and practice drills, so that employees will know without thinking what they need to do, especially in the event of an emergency security incident. In the same way, healthcare organizations must implement cybersecurity training strategies, such as mock phishing attempts and incident response tabletop exercises, to ensure that employees are prepared in the event of a cyber-attack. Technologies like learning management systems play a major role in helping companies deliver proper training, and do so in ways that can be targeted to a user’s role in the organization and provide tracking to ensure everyone is participating.

System Updates

It’s critical that systems be up to date and that patches are applied in a timely manner to reduce vulnerabilities and successful hacking attempts. Healthcare organizations should put formal processes in place so that patch levels can be monitored to ensure that patching covers all critical assets and is effectively reducing critical and high-risk vulnerabilities. It is also critical that patching and vulnerability management programs address application vulnerabilities, and not just those at the operating system level, as these often represent points of weakness exploited by attackers through malicious links and attachments.

Network and Endpoint Monitoring

Systems must be monitored for inappropriate activity. With new technologies available to healthcare organizations, safeguards can be put in place to secure networks and create a more resilient system. While many companies leverage IDS/IPS systems to fulfill a compliance checkbox, both systems are vital to protecting your network. IDS/IPS ensures any potential threats that sneak through the firewall are addressed as soon as the attack occurs. Security information and event management (SIEM) is also becoming a common security control these days. SIEM offers three major value points: worst-case scenario protection, audit and reporting, and research and troubleshooting.

Multi-factor Authentication

Multi-factor authentication has evolved into the single most effective control to insulate an organization against remote attacks and, when implemented correctly, can prevent most threat actors from easily gaining an initial foothold into your organization, even if credentials become compromised. Although not bullet-proof, multi-factor authentication is a proven way to lessen the likelihood of a data breach via a compromised password.

LBMC Information Security’s experts are not only up to speed on the latest and greatest technologies for healthcare cybersecurity, but are also ready to help you explore ways BALLAST can help your organization be prepared in the event of a cyber-attack. Contact us today to learn more.

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA & PCI, HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.