5 Best Practices to Prevent and Survive Cyberattacks

Taking care of sensitive patient data isn’t always a core competency for hospitals, which are targeted by cyberattacks—particularly ransomware attacks—more than any other industry.

Looking for smart ways to lock down your hospital’s cybersecurity? William Crank, Chief Information Security Officer for MEDHOST, regularly provides assistance to hospitals seeking to repair the damage from cyberattacks, helping them restore service as quickly as possible.

He recommends five cybersecurity best practices to help ensure that hospitals are as successful caring for data as they are caring for patients.

5 Cybersecurity Best Practices

1. Understand Why Hospitals Are Targeted

Successful cybersecurity starts from understanding the particular reason hospitals are vulnerable in the first place, Crank says. Cyber criminals are motivated to attack healthcare systems because hospitals have access to patient data, which they’re legally responsible to keep secure.

Criminals know how much hospitals panic—and how much they’ll be willing to pay— According to an article from Identity Theft Resource Center in 2019, data breaches in the healthcare industry continue to be a problem, involving sensitive patient information, with public reports of hacking jumping 48.6 percent from 2018. The article reported that the most expensive attacks in 2019 occurred in the healthcare sector.

Ransomware attacks—often spread via phishing emails—cause a hospital’s information systems to lock up. Cyber criminals responsible for the attack request ransom payment, often in Bitcoin, to unlock the system. If ransom isn’t paid, criminals threaten to post sensitive data to the Internet and leave your hospital with the liability of exposed patient data and a wrecked IT system—not to mention a damaged reputation.

2. Realize Where Hospitals Are Particularly Vulnerable

Healthcare providers might be knowledgeable about how to deliver great care to patients, but may not realize how often they’re the source of their facilities’ greatest cyber headaches.

The lack of employee training and awareness around basic cybersecurity can cause untold problems, Crank says. Untrained employees may unintentionally open an attachment received via email that can begin a cyberattack.

A lack of robust backup routines causes another vulnerability for hospitals.

“In the event a hospital is hit with a ransomware attack, they should have a plan for archiving their information appropriately so they are able to recover in a timely manner,” Crank says.

3. Create a Strong Facility-Wide Security Awareness Program

“Focus on making your employees more knowledgeable about existing threats,” Crank says. “A strong security awareness program is critical, but it’s not just the security team that needs to be aware. Everyone needs to be aware and alert. Don’t keep employees in the dark about current threats.”

Crank says cyber dangers can be higher around the holidays, when criminals take advantage of more people surfing the internet, online shopping, and being more willing to accept phone calls that solicit sensitive personal information.

“There are times when individuals are more vulnerable,” Crank notes. “Phishing email campaigns tied to ransomware are written to convey a sense of urgency. Criminals want you to do something without thinking about it. That’s why one thing we stress with our users is a think-before-you-act mentality.”

4. Adopt Smart Cybersecurity Practices, Including an Incident Response Plan

A robust software patching process and a regular review of your backup architecture are paramount to cybersecurity practices, Crank says. Patches are more complicated as the rise of the Internet of Things poses new risks.

“Wearable devices and other innovations emerging from the Internet of Things are key to producing outstanding healthcare, but they pose a risk,” Crank says. “These devices are very difficult to patch, and many of them are certified devices that require some level of authority to ensure patching doesn’t modify their capabilities. Determine which devices are most vulnerable to cyberattacks so you can better understand your potential exposure.”

It’s also key to train your security team. Use tabletop exercises to help you plan what team members will do in the event of a cyberattack, Crank says. The better the plan, the faster the recovery.

“When something bad does happen, do you have a plan you can put into action right away to minimize your downtime? Having an incident response plan is a must,” Crank advises. “Determine the right people to contact in the event of an emergency, and ensure you have access to everything you need to bring resources back online quickly. Be proactive now so you don’t have to be so reactive later.”

5. Plan Your Response

If your hospital experiences a cyberattack, chances are you’ll have to act quickly. Crank suggests these five steps:

1. Preparation. Your hospital’s security team should not only have an incident response plan in the event of a cyberattack, but they should practice so it can be carried out effectively. Prepare your team—including third-party incident responders—for the real thing by practicing how to respond to mock threats in a war room environment.
2. Containment. Identify the type of incident you’re dealing with. If malware is taking hold, do what you can immediately to limit the damage. Pull devices off the network or shut down access to the internet so the problem doesn’t become larger.
3. Elimination of the threat. Make sure you have the technical resources to understand what’s happening to your system and how you can address it. Call in third-party experts if necessary.
4. Restoration. Once you’ve eliminated the threat, restore to a good clean system and bring services back online.
5. Recovery. In this stage, talk with your team about all the lessons learned from the incident and actions you are taking to mitigate the problem moving forward. What controls are you putting in place to prevent future cyberattacks?

Integrated EHR Cybersecurity Support

MEDHOST manages health IT environments both on-premise and hosted off-site for our clients. We provide security assistance to premise-based clients as needed or in times of crisis, and all of our hosted clients receive 24/7 security management and monitoring.

We make cybersecurity an integrated part of hosted services for our facilities, which allow us to have greater control over monitoring and preventing potential attacks.

Leveraging your electronic health record vendor as part of your cybersecurity team ensures that these services are integrated into your systems, providing an added layer of protection to your patient data and records in a seamless way.