Hospitals are a prime target because employees aren’t always trained on security awareness. While HIPAA aims to ensure that patient privacy is protected, in general, hospitals do not place a big enough emphasis on the importance of cybersecurity. Protecting data has always been a challenge, but an aware and invested workforce can become your company’s first line of defense.
Defeating the cybercriminals – what hospitals can do to stay secure
So, what can hospitals do to try and reduce the number of cyber-attacks, like the recent WannaCry virus which affected hospitals in England and Scotland?
The WannaCry ransomware attack was particularly effective against non-patched MS operating systems, and in particular, unsupported versions of Windows XP. To protect against attacks like these understand what software is in operation, where it is and what version is running. Begin by establishing an active patch management policy to ensure that software is being updated in a timely manner. And confirm that you can identify quickly whether or not this is happening, otherwise, hackers will find and exploit those vulnerabilities for you.
Hospitals also need to look at their vendors. Third parties can add significant risk to any organization, so ensure that any vendor who may have access to your network also operates securely. Track your vendors to ensure that you have the requisite security assurances (Business Associate Agreement or Covered Entities) within your vendor contract, and/or schedule regular security audits.
Most ransomware viruses get installed by human error. Employees clicking on phishing links, downloading infected attachments, or visiting malicious websites are the main causes of ransomware entering a system. Make sure that your employees are regularly trained on the dangers of ‘click bait’ emails and headlines. Run routine training and have employees sign off on phishing awareness policies and training.
Employees need to know where data is, when they should access it, how it should be used and how it’s being protected. Only then can they become your front line of cyber defense. The greatest cybersecurity tool of all is your employees. Engage them effectively and you will make your hospital more secure.
Ostendio discussed the latest healthcare cybersecurity threats and cybersecurity solutions on the Healthcare Cybersecurity: Challenges and Solutions panel at the Capital Health Tech Summit on June 15 2017. Hosted by the Northern Virginia Technology Council, the Summit will explored how tech is transforming and disrupting the business and delivery of health today and highlighted the unique intersection of commercial, government and academic assets that make Greater Washington the epicenter for innovation in the health technology sector.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.
Avoiding the Hidden Pitfalls of Security Audits
In this webinar, see the 5 most common pitfalls of security audits and learn how you can avoid them with the power of MyVCM CrossWalk Assessments.