
Wednesday July 20, 2022  |  Michael Johnson, Chief Information Security Officer

Memos from the MEDHOST CISO: Overcome Cyberattacks with Risk Assessments and Virtual CISO (vCISO) Services

The US is currently grappling with a critical shortage of information security professionals. According to the Washington Post, there are approximately 465,000 unfilled cybersecurity jobs across the country.

This shortage threatens to intensify an already dire proliferation of malicious actors and emergent vulnerabilities within the healthcare industry. Big names in medicine fall victim to ransomware attacks almost daily, lapses in best practices among staff threaten to undermine even the most advanced security systems, and devices that patients rely on for care may be the next target for criminals.

For our partners in rural, community, and critical access healthcare facilities, the difficulty of attracting and retaining the expertise needed to protect patient data is made worse by out-of-the-way locales and tighter budgets that may not support competitive offers.

This article will discuss how two infosec services from MEDHOST can alleviate some of the burden these workforce shortages put on smaller hospital information technology and security departments.

Security Assessments

Evaluating a facility’s security posture helps to identify gaps in coverage and areas where mitigation strategies might prevent future attacks.

These assessments can also help identify and prevent lateral movement, a key concern for many of our partner hospitals. Lateral movement is a technique in which an attacker uses a single entry point, such as an unlocked or otherwise compromised workstation, to reach and take control of other systems and exfiltrate protected information.

Hospitals are often targeted because criminals know that hospitals are legally responsible for keeping patient information secure and are thus more likely to pay large sums to protect this data from exposure.

Our clients sleep easier knowing MEDHOST security teams can react quickly to harden their applications' cybersecurity defenses while mitigating the risk of future infiltration.

Our trusted and knowledgeable cybersecurity professionals can gauge existing security conditions, educate from experience, and guide customers through updating protections with minimal disruption to regular workflows.

Virtual Chief Information Security Officer (vCISO)

Long-term change requires strong governance.

An assessment can provide hospitals with a snapshot of their security posture, but dedicated third-party support provides the necessary analysis, coaching, and expertise to eliminate risks identified by these security reviews.

Nevertheless, infosec professionals remain scarce, and healthcare leaders often turn to traditional IT organizations to overhaul their technology controls. While the association seems logical, and there is often some overlap, IT and security are two vastly different disciplines.

IT organizations are incentivized to get a technology or process functioning. If it works, then their primary responsibilities are fulfilled.

The improper management of service and admin accounts is a typical example of how relying on IT providers alone can compromise an entire healthcare information system. Over time, poor risk management, minimal oversight, and less-than-optimal business practices routinely leave these accounts vulnerable to criminal exploitation.

A tremendous burden is placed on IT staff to oversee multiple disparate data systems within hospitals. A partnership with a virtual Chief Information Security Officer (vCISO), who provides regular status updates to our clients and their IT teams, is a key feature of MEDHOST’s managed information security services. In these meetings, we offer insight into our strategies for mitigating the effects of cyber threats and keep customers informed on the continued development of improved protective measures.

To learn more about how MEDHOST can help protect its customers from cyber threats and reduce their impact on operations, please reach out to us at or call 1.800.383.6278.
