Keep Your Healthcare Network Security Off Life Support
CSO Online found that the healthcare industry is the number one target for ransomware today, with the number of attacks expected to quadruple by the year 2020. You don’t have to be a big company in order to be a target, either. Verizon found that breach victims were more often than not businesses with fewer than 1000 employees.
Healthcare also has the highest cost per breach of any industry in the world, standing at $408 per record, up from $380 in 2017. 2018 was the eighth straight year that healthcare held the number one spot in this ranking.
So just why is healthcare so vulnerable? Yes, holding the sensitive medical records of patients definitely makes healthcare a premium target for attackers. However, even this does not explain how singularly the medical industry has been targeted. Healthcare organizations have been found to be well behind the cybersecurity curve when compared to other industries such as finance. Healthcare organizations also tend to have decentralized IT systems, making them even more vulnerable in a world of multi-cloud SaaS, IaaS and IoT. There is also a growing trend of medical offices allowing employees to bring their own devices and join them to the corporate network. This can drastically increase risk if security policies are not properly enforced.
How Can a Medical Organization Improve Network Security?
A major challenge in every healthcare organization is fending off the rising number of cyber-attacks targeting the industry while staying in compliance with HIPAA standards. Below are a few best practices that will help improve your healthcare network security while maintaining a positive relationship with regulators.
One of the major advantages of managed services is the ability to automate security processes. Automation should be used whenever possible to keep network patching and updates on a consistent schedule. This also reduces the chance of human error in the process.
When systems are backed up automatically, it also frees up the in-house IT department to focus on more creative ways to protect the organization’s infrastructure. Keeping patching on schedule also closes off old, well-known attack techniques that would otherwise remain usable against unpatched systems.
With the proliferation of IoT in healthcare, it is more important than ever to maintain network visibility. Very simply, if you do not know what’s on your network, it becomes much more difficult to prevent attacks.
With the above in mind, it is often a good practice to invest in agentless visibility. One of the best solutions for this is Aruba ClearPass, which provides dynamic network access control that improves enforcement and response across all networks.
If your network is always on, which it will be once it is integrated with IoT, you cannot afford to have blind spots. You need an automated response for your control policies that is free of human error. This is especially true if you allow BYOD in your office. You can bet that not all of your employees and guests on the network will follow security protocols. It is up to you to maintain a certain standard so that an unknowing guest does not mistakenly open your network to attackers.
Another reason that ClearPass is one of the best systems is that it allows for full access control. The bigger your organization, the more secure your access must be. You must also keep separate access for clinicians and guests. With a good NAC in place, if there is a breach you will be able to quickly determine where it came from and close it before it moves into other areas of your network. Your automated response may also be able to quarantine any threats before they become too big to stop.
Attackers do not always have the upper hand in the battle for healthcare network security. In many cases, it is an unknowing employee who lets them in because he simply did not know or understand how to maintain a high level of security. All it takes is one phishing email or malicious website to open up an entire network. If you do not train your team, you are simply waiting for something like this to happen.
Although your entire staff does not need a second degree in IT, they should be made aware of the most prevalent threats out there. Otherwise, they may simply dismiss the security measures that you put in place as unnecessary.
Reporting Incoming Threats
Having a safe process for your team to report potential incoming threats is also an essential part of maintaining network security. No matter where the threat comes from, everyone should know that there is a chain of command and a process in place to fix things quickly. This will keep people from trying to hide issues that they may have caused.
A Layered Defense System
The best systems have multiple layers. Ransomware requires a completely different form of protection from viruses and Trojans. Because of this, having a layered defense system is becoming more and more important in today’s evolving threat landscape.
Offsite Data Maintenance
Every medical organization should also maintain a copy of critical data off-site. This is part of a very effective data backup protocol known as 3-2-1 that many companies are using to great effect: three copies of your data, on two different media, with at least one copy off-site. Ignoring best practices like these is a good way to make bad headlines.
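As an added example (not from the article or from Comport), here is a small Python check that scores a backup inventory against the 3-2-1 rule described above. The inventory, site names and the 30-day restore-test window are constructed assumptions, and the restore-verification check goes slightly beyond the rule as stated, since a copy that has never been restored is not a copy you can count on.

```python
"""Score a backup inventory against the 3-2-1 rule (three copies, two media, one off-site)."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class BackupCopy:
    name: str           # label for the copy (the live production data counts as one)
    medium: str         # storage medium, e.g. "disk", "tape", "object-storage"
    site: str           # physical or cloud location of the copy
    offsite: bool       # True if the copy lives away from the primary site
    last_verified: date  # date of the last successful restore test


PRIMARY_SITE = "clinic-main"  # assumed name of the production site


def evaluate_321(copies, max_age_days=30, today=None):
    """Return pass/fail results for each part of the rule plus any stale copies."""
    today = today or date.today()
    media = {c.medium for c in copies}
    # A copy only counts as off-site if it is flagged so AND really sits elsewhere.
    offsite = [c for c in copies if c.offsite and c.site != PRIMARY_SITE]
    stale = [c.name for c in copies
             if (today - c.last_verified) > timedelta(days=max_age_days)]
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len(media) >= 2,
        "one_offsite": len(offsite) >= 1,
        "all_recently_verified": not stale,
        "stale_copies": stale,
    }


def failures(result):
    """List the rule components that failed, in evaluation order."""
    return [k for k, v in result.items() if v is False]


# Constructed sample inventories and a fixed reference date so results are stable.
TODAY = date(2019, 6, 1)
GOOD_INVENTORY = [
    BackupCopy("ehr-db-primary", "disk", "clinic-main", False, date(2019, 5, 30)),
    BackupCopy("nightly-nas", "disk", "clinic-main", False, date(2019, 5, 28)),
    BackupCopy("weekly-cloud", "object-storage", "cloud-region-east", True, date(2019, 5, 20)),
]
WEAK_INVENTORY = [  # two copies, same medium, same site, one never re-tested
    BackupCopy("ehr-db-primary", "disk", "clinic-main", False, date(2019, 5, 30)),
    BackupCopy("same-server-snapshot", "disk", "clinic-main", False, date(2019, 3, 1)),
]

if __name__ == "__main__":
    for label, inv in (("good", GOOD_INVENTORY), ("weak", WEAK_INVENTORY)):
        print(label, failures(evaluate_321(inv, today=TODAY)))
```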
Finally, you need a partner that understands data security in the healthcare industry. No matter how effective your system may be, something may sneak through. You need to be able to talk to someone immediately once you recognize a problem in your network. Comport has been in the healthcare industry for over two decades, staying on top of trends and understanding the landscape. Get a partner on your side that understands your industry and can help you make informed technology decisions.
Bill Flatley, Field CTO for Healthcare
Bill is responsible for technical strategies and recommendations for Comport’s Healthcare clients. His extensive experience includes four healthcare systems in leadership roles supporting Clinical Applications, Digital Health, and Office of the CIO as the primary liaison between IT and the business.