Cybersecurity for 2020’s Front Line: Checkpoints for the Healthcare Industry

Cybersecurity Checkpoints for the Healthcare Industry

Every year, the healthcare industry becomes ever more reliant on cyber technology that generates solutions for improving patient care, organizational efficiency, crisis response times, and much more. The emergence of internet-connected gadgets in telemedicine, digital health records, medical devices and patient wellness apps, and the growing number of third parties entering the health supply chain has created many benefits— but the industry’s digital transformation has also exposed it to vulnerabilities that benefit cyber criminals, as well.

In the third week of National Cybersecurity Awareness Month, Cybersecurity Senior Manager Jennifer Moreno delves into cyber concerns for the healthcare industry and implications for patients who use internet-connected medical devices. Here are six steps professional healthcare organizations will find helpful and IT teams can check themselves against to stay #CyberSmart:

Essential Cybersecurity Steps for Healthcare Teams

1. Raise organization awareness about social engineering.

Educate staff and medical professionals on the hidden risks of social engineering and to the reality that high-ranking health professionals are not always the main targets. Attempts at gaining access to health facility networks have often been directed to those with a public-facing email address, or even to those who are simply entrusted with connection to desirable cyber targets—from clinicians to administrative staff, IT, research teams and providers. Hackers and scammers have proven to be successful at distributing ransomware and obtaining user credentials through phishing emails.

Social engineers are also not afraid to make in-person visits or place phone calls impersonating trusted individuals, such as a vendor or insurance representative. They are experts at tricking the innocent into disclosing bits of information that seem insignificant to the average person, but are invaluable to a social engineer. Encourage your team to maintain a healthy suspicion.

2. Authorize all access to your data.

Know exactly who has access to your health organization’s data and restrict access only to authorized users.

When your healthcare team needs to electronically share appointment and procedure times, lab results, blood tests, prescriptions, MRIs, x-ray images, patient notes and more, ensure that the data is encrypted while in transit —and also while at rest on your server(s)—to prevent unauthorized access. Ideally, optimize different encryption methods for both data events to better defend electronic Protected Health Information (ePHI).

3. Secure the Internet of Medical Things.

Wearable insulin monitors, pacemakers and heart rate monitors use the Internet of Medical Things (IoMT) to track, collect and analyze patient data. While enabling healthcare organizations to rapidly leverage patient care, these invaluable devices also introduce significant cybersecurity risks. It’s important for medical professionals to continuing working with medical device manufacturers and their patients to ensure connection to these devices is secure and that regular updates to firmware or software for these devices are made. A hack could lead to unimaginable consequences.

4. Test cyber-connected facility devices and your internal network.

From in-house patient medical and insurance records to the myriad of facility medical devices—like MRI systems and simple blood pressure monitors—hackers can target them all. IT professionals can prevent cyber criminals from gaining access to their organization’s network by routinely conducting penetration tests and vulnerability scans, and by continuously monitoring the network to identify activity that may indicate a breach.

5. Implement multi-factor authentication.

Implement multi-factor authentication for authorized network access, and ensure your team knows to never share user credentials for network and software access. Make sure it is part of company culture and protocol to always fully close down software applications that contain sensitive data when not in use, and to lock computer home screens to mitigate both unintentional and intentional data breaches.

6. Cultivate a tech savvy staff.

Medical professionals and their surrounding team need to be tech-savvy with mobile device security. Mobile devices should be encrypted, should never connect to public Wi-Fi, and need to regularly back up any data stored on the device. To keep devices from being compromised, educate mobile device users on the risks of mobile apps. For some helpful tips, check out our previous blog on mobile device cybersecurity.

Much like the advantages patients gain in choosing to heed the advice of your organization’s healthcare professionals, show your team how developing a commitment to cyber health and security is the only way to stay in top cyber shape. These things don’t just happen on their own; they take education and effort!

How REDW Can Help Optimize Your Cyber Health

For questions on securing or testing your network, setting up a consultation, or conducting cybersecurity awareness training for your healthcare team, please contact REDW Cybersecurity Senior Manager Jennifer Moreno.

Access past blogs in our National Cybersecurity Awareness Month series:

Week 1 – Enforcing Standard Cybersecurity Measures for Remote Work

Week 2 – Mobile Device Cybersecurity for Work x Home: Securing Double-Duty Gadgets