Daisie Register | October 27, 2016 | 4 min read

Best Practices for Healthcare Organizations to Manage Cyber Threats

Each year, during National Cyber Security Awareness Month (NCSAM), we reach out to our partners and ask them about the significance of current cyber security efforts. Earlier this month we featured Cisco’s Chief Trust Officer, John Stewart, discussing the evolution of NCSAM and what the future holds, and Cris Thomas, strategist at Tenable, wrote a piece diving into the national election and the impact of security on the process. This week, we’ve reached out to David LaBrosse, Strategic Partner Manager, Healthcare Data Management Solutions at NetApp, to talk a little bit about cyber security within healthcare and what’s being done to prevent these attacks from occurring. Here’s what David had to say:

Healthcare data and infrastructure that supports the delivery of healthcare services are some of the biggest targets for attack.  What’s driving this interest from cyber attackers?

David LaBrosse: There are multiple factors driving cyber criminals to target the healthcare industry. First, cyber criminals believe hospitals are soft targets. They know many institutions have made security improvements, but there are still other hospitals which need to implement basic security tools. A second driver is the growing number of attacks sponsored by organized crime groups—in the U.S. and overseas. These criminal groups are playing a key role in the higher volume and sophistication of cyberattacks. And, a third driver is the value of the medical records on the black market. While some analysts debate how much criminals are paid for each stolen medical record, the emphasis should be on how patients are impacted by each theft. In some cases, a stolen record can expose a patient to insurance fraud, identity theft and to privacy violations.

What are the most common exploits that healthcare organizations are subjected to?

David LaBrosse: Each year, reports are released that identify the top threats as they relate to cyber security. Some of the reports are from U.S. Federal Government agencies like Health and Human Services (HHS) or the FBI. Other threat reports are created by leading security vendors and network services providers. While I agree that the theft of computers, smart phones and disk drives is still a top concern, hospital leaders are making good progress in this area. Their investments in security training, device encryption and asset tracking tools will continue to minimize the physical threat.

Another common threat or exploit is the growth in “malware” attacks.  Ransomware has become a top-of-mind threat for many healthcare leaders.  The number of ransomware attacks has increased significantly in the past year.   There are now thousands of variations.  And, healthcare institutions are struggling to keep up with the flood of malware attacks.

What can healthcare organizations do to protect themselves and their patients?

David LaBrosse: Having standard security procedures in place to protect from attacks is so important that I’ve created an acronym around it. This is more of a reminder of the standard procedures that everyone should be following.

CUTS stands for combine, update, track, and survive.  And here’s a breakdown of it:

  • Combine security systems. In a hospital setting, security information and event management (SIEM) systems are common tools which are used to monitor an unusual event and to log activities in the IT environment. But some of these SIEM tools are old and need to be upgraded. They need to allow other sources of data to be analyzed from across the enterprise. The SIEM tools should also be combined with other security tools like ‘user behavior’ tracking. By combining the security tools, institutions can identify and respond to threats faster.
  • Update software and security patches. This may sound like just another task on the security checklist, but you would be surprised how many organizations do not routinely do this, and in turn put themselves at greater risk. By not patching systems, you are basically opening the door for a hacker to come into your environment.
  • Track your employees. It may sound like Big Brother is watching, but you really do need to know where your employees are logging in, and where they physically enter a building. Everyone knows there is a ‘human’ element to cyber attacks and unfortunately disgruntled employee attacks do happen.  So, it is critical for hospitals to track employee activities on-line and on-premises.
  • Survive attacks. Despite all of the efforts to maintain security, cyberattacks do still happen. That is why hospitals need to focus on recovering from an attack.  Some institutions make good investments in security tools, but they forget about the recovery side of the equation.  I urge healthcare organizations to make ‘gold’ copies of their data, operating systems and mission critical applications.  These gold copies should be stored in a separate network to prevent hackers from finding them.   And, it is equally important that hospitals test their recovery capabilities at least once a year.  That is one way they can be confident they will survive an attack.  Hospital leaders can also avoid paying a ransom fee to hackers by restoring their systems rapidly.
