Whether it is having to enable multiple-factor authentication on social media accounts or major plot lines in television shows, the world is more aware of cybercrimes than ever.
In February, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” message to all U.S. organizations, including hospitals and other healthcare facilities. The message urges organizations to take immediate steps to enhance their ability to detect and protect against cyber intrusion as the Russian invasion into Ukraine continues.
While there is no current threat to Americans, it is essential that everyone remains alert when it comes to cybersecurity. CISA recommends the following steps to ensure protection:
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus and antimalware software and that signatures in these tools are updated.
- If working with Ukranian organizations, take extra care to monitor, inspect and isolate traffic from those organizations, and closely review access controls for that traffic.
Despite consistent urges from shareholders to beef up their security operations, the global cybersecurity workforce is 65 percent smaller than it should be, according to a study by (ISC)2. In the next 12-24 months, cybersecurity will need to be prioritized within all organizations.
A study by ExtraHop found that 85 percent of surveyed organizations reported a ransomware attack within the last five years. Meanwhile, 74 percent reported having several attacks against their organization. Hospitals and other healthcare facilities are a key targets because they have a high number of electronic devices, IT systems are outdated, and healthcare staff are too busy to stay updated on cybersecurity training.
“Research reveals that organizations have already experienced tremendous challenges related to their cybersecurity, and unfortunately, more impacts are on the horizon,” says Anthony Gadient, CEO, Synaptic Security in a press release. “At the start of 2021, companies were struggling to handle the increasing complexity of cyberattacks. New vulnerabilities have further impacted organizations’ preparedness levels, putting them in a more vulnerable state or leaving them even further behind. It’s urgent for organizations to close this cybersecurity gap as it threatens other top business initiatives.”
Attacks against healthcare facilities are making it harder to distinguish between real and phishing attempts. Every second counts when an initial threat is made, yet many healthcare facilities do not have the proper means to fight off an attack. While most organizations agree that it is good to disclose ransomware attacks, only 39 percent of ExtraHop respondents said they were completely transparent about attacks, according to the report. However, the longer a healthcare facility delays disclosure, the more negative impacts it faces as patients and families will lose trust in its ability to care for them properly.
It is up to hospitals and other healthcare facilities to ensure that their patients’ personal information is safe. Managers must regularly communicate with residents and patients about the way their data is being used, stored, shared and protected. Having an open dialogue helps build trust within the facility and can bring in more patient recommendations.
“Organizations must be vigilant and implement incident-response plans, actively monitor their systems and data and evaluate the security aptitude and quality of their third-party partners and service providers,” says Michael Borromeo, vice president of data protection with Stericycle. “Implementing proactive information security practices, procedures and controls must be a part of every healthcare organizations’ operational strategy. It is non-negotiable, as human lives are literally on the line.”
Mackenna Moralez is assistant editor with Healthcare Facilities Today.