In the hospital setting, there is no tolerance for poor hygiene. Frequently washing your hands and using hand sanitizer can drastically decrease the chances of contamination, the spread of disease, and infection rates. It’s just as important to commit to cyber hygiene to slow down attackers who are looking to infect your mission-critical systems.
In a webinar a few months ago, “Preparing for Cyber Risks to Healthcare Operations: Be Ready, Not Sorry,” we discussed the challenges healthcare operators face when managing the overall health of their data and infrastructure. Our presenters were:
- Ed Kopetsky, Chief Information Officer at Stanford Children’s Health and Advisor with Next Wave Health Advisors;
- Michael McKinley, Vice President and General Manager at Delta Risk; and
- Chris Holda, Senior Healthcare IT Consultant, Huntzinger Management Group.
They provided valuable cyber hygiene best practices to help healthcare professionals respond to a cyber-attack and reduce their patient care risk. Here are their top 10 recommendations.
1. Encrypt Protected Health Information (PHI)
Failing to encrypt laptops is pretty much inexcusable at this point. You’ll pay the price in the form of sanctions and other penalties. Encrypting wherever feasible is the best way to secure your data while offering a backup option in case that data is breached.
2. Prioritize Rigorous Patching and Patch Management
Vendors create patches for their products to defend against new vulnerabilities. Deploying patches can be a bear of a process, but it needs to be a high priority for organizations to stay safe in today’s threat landscape.
3. Replace Unsupported Legacy Software or Hardware
Replacing unsupported legacy software and other products will require capital expenditures, but it’s very necessary to protect data and ensure business continuity. Even when resources are limited, this investment should be prioritized.
4. Limit Users Who Have Local Administrative Rights or Controlling Access
This can be a challenging process. You will likely get organizational pushback from people who want flexibility to install whatever they want on their laptops or devices, and they may make good arguments. However, from a technical controls perspective, this is an imperative step to limit lateral movement if malicious hackers get into your network or networks, and to reduce the threat of ransomware and other malware attacks.
5. Implement Two-Factor or Multi-Factor Authentication
For limiting administrative rights and remote access to systems that house sensitive information or PHI, this move is an absolute requirement these days.
6. Sandbox for Advanced Malware and Ransomware Protection
Passwords alone simply won’t cut it. It’s critical that you keep up with more advanced technologies and techniques to deal with constantly evolving threats. Sandboxes, or automated malware analysis appliances, can sit either inside or outside your network to test files in a virtual environment to determine if they are malicious. Although this is not foolproof, as some sophisticated malware can recognize when it’s in a sandbox, this can be an effective tool.
7. Invest in Awareness Training, and Phishing and Social Engineering Testing
Insider threats are not always malicious. In many instances, employees are simply caught off guard or are unaware of what to look for when it comes to spotting phishing emails or avoiding ransomware. Awareness training on its own can be very effective, but coupling awareness training with phishing, social engineering, and policy adherence testing can drive even better results.
8. Perform Security Log Collection, Monitoring, and Analysis
You could call this a soft function, and this is best handled by a security operations center (SOC). This can be a big commitment for a lot of organizations, but there are quality vendors out there that can help. At the least, you should make sure to archive and retain your logs.
9. Commit to Incident Response Planning and Preparedness
Effective incident response is a process that requires ongoing commitment and ongoing management. It’s a total team effort that shouldn’t simply fall on IT’s shoulders.
10. Increase the Need for Network Segmentation to Isolate Exposed Devices
In these instances, it’s important to isolate your exposed devices to limit the impact of an attack away from your most critical data.
To gain deeper insights into the practices and steps you need to take to improve your cyber security resiliency, watch our on-demand webinar in its entirety.
What you’ll learn:
- Incident response essentials
- How to set technical recovery priorities
- Patient care and business continuity considerations
Delta Risk also was an exhibitor at the Delaware Valley and New Jersey Chapters of HIMSS 10th Annual Fall Conference.