How to Fend Off Cybersecurity Risks in Healthcare

Published on May. 15, 2018

Recent incidents have shown the critical importance of taking effective action to ensure cyber safety. More and more companies make it into the headlines following security breaches. The impact ranges from mere embarrassment to significant financial losses.

“Cybercrime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors” according to an Intel Security white paper.

Cybersecurity in the Healthcare Industry

Although all industries are affected, the healthcare sector remains a high interest for attackers since the information during the breath can be extremely valuable. The high level of personal data stolen can be used to create a string of attacks on an individual after the main breach.

Along with stealing data, hackers use their ‘bugs’, or ransomware, to hold systems hostage. As technology advances so does cybercrime. It was initially predicted that ransomware would grow 25% in 2017.

It was initially predicted that ransomware would grow 25% in 2017.

Even with the amount of anti-ransomware technology rising, cybercriminals have been launching focused attacks. This year, an attack against the England’s National Health Service (NHS), demonstrated that cyber attacks can quite literally have life and death consequences.

The ransomware infected the hospital's key systems which caused the data to be scrambled and, in most cases, shut down completely. Without their data and information, the hospital was forced to turn away patients and cancel surgeries. People were advised to seek medical attention only in the case of an emergency.

To restore access to a device they had to provide payments. Similarly, a Los Angeles hospital was hit with a cyber attack. It locked doctors and nurses out of their computer system for days, which resulted in having to pay $17,000 in Bitcoin to the ransomware hackers.

Proof in the numbers

41% of IT executives have experienced at least one security incident this past year.

The reach of cyber attacks is shown in the numbers. This past year, incidents include more than 40 million people in the US, 54 million in Turkey, 20 million in Korea, 16 million in Germany, and more than 20 million in China.

They also estimate that the annual cost to the global economy from cybercrime is between $375-$575 billion in June 2014. According to a survey conducted by PwC, 41% of IT executives have experienced at least one security incident this past year. Of those, 37% reported financial losses as a result.

Actionable tasks

Although this information seems daunting, there are many easy, actionable tasks you can do today to help protect your business.

1. Anti-virus software

Having anti-virus software is important, but outdated software won’t protect against the constantly changing attacks. You must make sure it is updated.

Updating the software depends on your computer and the type of anti-virus software you use. Two common ways to update your anti-virus software: directly through the program that was initially installed or through the antivirus web page.

2. Use a VPN (Virtual Private Network)

Using a VPN creates a safe and encrypted connection over a less secure network. The most common way people get VPN’s is through a monthly service. There are several types of VPN options which include varying degrees of convenience and security.

3. Cyber Hygiene

Employees are the first line of defense. Educate and train them on how and why they may be targeted. It is important to emphasize that they need to exercise caution when opening email attachments. If you do not have the skills and knowledge to train the employees yourself, look for an online course and tools to help assist.

Make sure to keep these training brief, frequent, and focused. Ten-minute lessons will fit busy work schedules, monthly training keep security top of mind, and single-topic lessons are easy to learn and remember.

4. Know the Risks

Understand the vulnerabilities of the business in terms of device management and the different ways hackers attack. Reduce your risk through security centered device management such as a policy for device usage which says what you’re allowed to do with the system or device at work.

Use proactive practices and policies to engage each employee in the security process such as installing web-protection software that blocks devices from visiting known dangerous sites in the workplace.

5. Strong Authentication

Include a second step to access an account. An example of this is when an employee enters their password, the system sends a credential to a specific device that they own, such as an SMS sent to a mobile phone.

The employee must enter the credential to confirm access. An intruder would have to intercept that SMS message in addition to stealing the password, making an attack far more difficult.

There is no one single thing that can protect a company entirely from cyber attacks. It takes a combination of different measures and attention from every employee to increase security. Even the smallest action towards protection will certainly reduce your risk. A few simple changes can make you less hackable than the guy next to you, which may be the difference between a restful vacation or a few weeks of misery.

If you work for a corporation that is interested in meeting cutting edge startups tailored to your specific business goals, get in touch here.

If you are a startup with an amazing idea and great technology looking for a partner to grow, get investment, and find new clients, get in touch here.