In parts one and two of this series, we focused on challenges and solutions that help hospitals and healthcare systems improve asset management and medical device safety. In this last part, we cover why asset management alone is not enough.
In the ever-changing threat landscape facing hospitals and healthcare systems today, asset management (the process of creating an inventory of devices connected to a network) is critical to identifying potential threats. With thousands of IoT and connected OT devices on a hospital network, and thousands more connected each year, this is getting harder, but there are things hospitals can do to improve asset management and visibility across the network.
However, as ransomware attacks on hospitals increased 123% in 2020 and continued to plague hospitals and healthcare systems throughout 2021, asset management alone will not be enough to deter cybercriminals. Beyond doing what we can to stop hackers, cybersecurity readiness and resiliency, not just prevention and threat detection, have become an important part of hospitals' cybersecurity strategies to ensure they can continue to provide care in the event of an attack. If prevention isn't enough, what should a robust cybersecurity plan look like for a hospital? How can you prepare?
Cyber Resilience – Not Just Cyber Security
Over the past few years, a new buzzword has emerged in the cybersecurity world: cyber resilience. This refers to an organization’s ability to bounce back or even continue to operate in the event of a cyberattack. Throughout the Covid-19 pandemic, with new and growing cyber threats, resilience—not just prevention—has become even more important.
With limited funding and resources to deal with cybersecurity threats, many hospitals and healthcare systems are not yet truly cyber-resilient. Cybersecurity providers, including Cynerio, are partly at fault for overemphasizing asset management without ensuring hospitals have the tools they need to mitigate attacks and continue to provide patient care in the event of an attack. A recent study by the Ponemon Institute suggests that in the event of a ransomware or other attack, this could have devastating or even fatal consequences: the report found that ransomware led to increased mortality in healthcare settings.
Unfortunately, this has become a reality for one hospital. Springhill Medical Center in Alabama made headline news last year after a cyberattack in 2019 left healthcare providers without access to critical medical equipment and records. Without those tools and resources, healthcare providers missed that a newborn was struggling, and the baby ultimately died nine months later.
Prepare for a cyber attack
Given these recent events, there are several steps and strategies hospitals can take to improve their cyber resilience.
- Cyber Security Training: How do cybercriminals get into hospital networks? Usually, through employees. Maybe they clicked a suspicious link or downloaded a malicious file from an email, or maybe they carried an unsecured device and connected to your hospital’s network. Education is key to helping staff identify signs and practices that may make your hospital vulnerable to cyberattacks.
- Zero Trust Security: Zero Trust is exactly what it sounds like – it’s a network security model that removes trust by restricting access to an organization’s network and the devices contained within it. Instead of allowing anyone or any device to automatically join your network, hospitals should require strict authentication for all users and devices.
- Network segmentation: Network segmentation divides a network into parts, each of which acts as an isolated segment of the network. More segments mean more secure networks because they make it harder for attackers to traverse the network without authorization. Network segmentation can address the vast majority of critical equipment risks, but most hospitals still operate on flat networks, allowing cybercriminals to freely access critical data and resources once inside the network.
- Prepare for the worst: Even with the above steps, it is still possible for cybercriminals to find a way into your hospital network to attack. That's why preparation is key. Just as you conduct fire drills to ensure employees are prepared in the event of a fire, you must ensure that all employees, both inside and outside the IT department, understand the steps to take in the event of an attack. As the case of Springhill Medical shows, it is also important to ensure that healthcare providers are properly trained to continue to provide quality care offline, or that device remediation solutions are in place to ensure that devices can continue to operate safely in the event of an attack.
Preventive strategies such as asset management are still necessary to protect against cyber threats. But asset management alone is no longer enough to protect hospital networks. Cyber resilience provides an extra layer of protection to ensure operations can continue, patients remain safe, and healthcare providers have the tools they need in the event of a cyberattack.
Going forward, cybersecurity providers will need to place greater emphasis on cyber resilience, providing hospitals with solutions for remediation and mitigation in the event of an attack. After all, with visibility alone, all a hospital can do is watch an attack happen, when we need to give them the tools to fight back. In the new world of cyber threats, life and death are at stake.



