Healthcare organizations deal with highly personal information and when they face cybersecurity challenges, there is a lot at stake. In the first half of 2020, the number of cybersecurity breaches in healthcare has doubled.
Remote work during COVID-19 made cybersecurity one of the top priorities. Physicians, therapists, and nurse practitioners are accessing telemedicine from home and risks are higher than ever. The endpoints outside of the enterprise firewall often supported by cloud-based applications are vulnerable,so securing remote networks became IT’s primary focus.
Here is the list of measures healthcare organizations can take to maintain cybersecurity.
Protect teleconferencing solutions
Commercial teleconferencing platforms used for video appointments during the pandemic may be an organization’s weak spot. To protect patient data companies can choose HIPAA-compliant telehealth solutions that are suitable for the workflow, such as through the current EHR vendor
Set cybersecurity policy for remote work
Human factors reasons play a huge role in breaches, for example, employees losing assets or not securing devices providing access to sensitive data. Setting out security requirements in a comprehensive policy for the staff working from home would help. Include the requirements to work only on equipment supplied by the practice and locking them when not in use, using VPN to secure the connection to data, etc.
Invest in endpoints protection tools
A strong detection and response (EDR) platform could protect the endpoint such as laptops, desktops, and mobile devices. These platforms monitor endpoints (computers on the network, not the network itself) for suspicious activity, automatically remove or contain threats, collect the information and analyse it to identify threat patterns. Paid solutions may be less attractive than the free ones but free platforms are often reverse engineered by criminals. You can use Mobile Device Management platforms to lock down USB ports on remote laptops or get the alert message if the device is taken outside a pre-defined geographic area to wipe data remotely.
Prevent the risk
This year UCSF Medical school and the Department of Health and Human Services in the US, the London research lab Hammersmith Medicines Research and many other organizations suffered ransomware attacks. The attacks of this type can stay low for some time, weaving into hospital systems, gathering data, and taking advantage of weaknesses.
To close any gap and maintain strong security use vulnerability scans and tests. They will help detect and classify system weaknesses. A penetration test or “ethical hacking” replicates what a hacker could exploit and identifies weak spots in the system.
Join the Healthcare Automation and Digitalization Congress AUTOMA+ 2021 to discuss the role, challenges & perspectives of cybersecurity in healthcare on September, 27-28, 2021.