Cyberattacks can result in the theft of sensitive protected health information (PHI), ransom demands, and disruption of critical care services that put patient health and lives at risk. To counteract these threats, healthcare organizations must adopt a holistic cybersecurity strategy that secures not just the core infrastructure but also connected medical devices.
Taking a holistic cybersecurity approach will require shifting from a reactive security posture to a more proactive strategy, including using advanced cybersecurity tools to help mitigate ransomware attacks and other threats. These tools include robust backup and disaster recovery plans (including immutable backups), incident response planning, medical device security, and gaining a deeper understanding of the overall threat landscape.
Implementing Better Core Infrastructure Protection
To start, healthcare organizations must move beyond traditional backup and recovery methods to defend effectively against sophisticated ransomware attacks. Modern ransomware attackers know how to infect existing backups along with the primary production environment, because they understand that the ability to restore a valid backup is the best way to foil a plan to disrupt operations and extort a ransom. This recent trend of infecting backups has led to the growth of technologies such as immutable backups, which provide a standalone, unalterable copy that is locked to prohibit edits.
Therefore, if a catastrophic event occurs in which a healthcare organization’s primary and secondary data centers are corrupted, this third copy—the immutable backup—can be restored much more quickly than attempting to repair corrupted primary and secondary copies. This becomes a critical element in recovering from a ransomware attack.
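The two properties an immutable third copy has to deliver are that the copy cannot be edited in place and that any edit which does slip through is detected before the copy is trusted for a restore. The script below is an added illustration, not code from the article or its author: it makes a write-once copy of a directory, records a SHA-256 manifest, strips the write bits as a stand-in for a storage-level object lock (the file-permission lock is only a simulation; real deployments rely on WORM or object-lock storage, and a root-level process can still bypass permissions), and verifies the copy against the manifest plus an out-of-band manifest digest. The sample files, paths and the simulated corruption step are constructed for the demonstration.

```python
"""Write-once backup copy with an integrity manifest (added illustration)."""
import hashlib
import json
import shutil
import stat
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup sets never load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _set_write_bits(root: Path, enable: bool) -> None:
    """Add (owner only) or strip (all) the write bits on every entry under root."""
    for p in list(root.rglob("*")) + [root]:
        mode = p.stat().st_mode
        p.chmod((mode | stat.S_IWUSR) if enable else (mode & ~WRITE_BITS))


def create_immutable_backup(source_dir: Path, backup_dir: Path) -> str:
    """Copy source_dir to backup_dir, record a hash manifest, then lock the copy.

    Returns the SHA-256 of the manifest. Keep that digest out of band (for example
    in the recovery runbook) so that a rewritten manifest is detected as well.
    """
    if backup_dir.exists():
        raise FileExistsError(f"{backup_dir} exists; a locked copy is never overwritten")
    shutil.copytree(source_dir, backup_dir)
    manifest = {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*")) if p.is_file()
    }
    manifest_path = backup_dir / MANIFEST_NAME
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    _set_write_bits(backup_dir, enable=False)  # simulated WORM lock (see lead-in)
    return sha256_file(manifest_path)


def verify_backup(backup_dir: Path, expected_manifest_digest: str) -> dict:
    """Check every file against the manifest, and the manifest against its out-of-band digest."""
    manifest_path = backup_dir / MANIFEST_NAME
    manifest_ok = sha256_file(manifest_path) == expected_manifest_digest
    manifest = json.loads(manifest_path.read_text())
    seen, tampered, unexpected = set(), [], []
    for p in backup_dir.rglob("*"):
        if not p.is_file() or p == manifest_path:
            continue
        rel = p.relative_to(backup_dir).as_posix()
        seen.add(rel)
        if rel not in manifest:
            unexpected.append(rel)       # file that was never part of the locked copy
        elif sha256_file(p) != manifest[rel]:
            tampered.append(rel)         # content changed after the lock
    missing = sorted(set(manifest) - seen)
    return {
        "ok": manifest_ok and not (tampered or missing or unexpected),
        "manifest_ok": manifest_ok,
        "tampered": sorted(tampered),
        "missing": missing,
        "unexpected": sorted(unexpected),
    }


def demo() -> dict:
    """Constructed scenario: lock a copy, then corrupt one file in it and re-verify."""
    work = Path(tempfile.mkdtemp(prefix="immutable-demo-"))
    try:
        source = work / "production"
        (source / "patients").mkdir(parents=True)
        (source / "patients" / "records.csv").write_text("id,name\n1,constructed sample\n")
        (source / "config.ini").write_text("[db]\nhost=example.invalid\n")
        backup = work / "backup-copy-3"
        digest = create_immutable_backup(source, backup)
        clean = verify_backup(backup, digest)
        # Simulated corruption of the locked copy by a process that can reset permissions.
        target = backup / "patients" / "records.csv"
        target.chmod(target.stat().st_mode | stat.S_IWUSR)
        target.write_text("corrupted content\n")
        after = verify_backup(backup, digest)
        return {"clean": clean, "after_tamper": after}
    finally:
        _set_write_bits(work, enable=True)  # unlock so the temp tree can be removed
        shutil.rmtree(work)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of returning the manifest digest rather than trusting the manifest inside the copy is that an attacker who can rewrite backup files can usually rewrite the manifest next to them; the digest stored with the recovery runbook is the one value the backup volume itself cannot change. Verification should run before any restore is attempted, not after.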
Another factor driving the need for more proactive security measures is the cyber liability insurance industry. Cyber liability insurance companies are taking a deeper look at cybersecurity processes and procedures and are now mandating higher levels of protection, particularly for core infrastructure.
In addition to technology investments, people play a crucial role in cybersecurity, and this needs to go beyond the traditional IT and security teams. While security teams must deeply understand the threat landscape and continuously monitor for potential threats, other roles in the healthcare organization also need to be involved: the C-suite in the cybersecurity strategy, and clinical engineering and care teams in end-user training, so that they are able to identify when a cyber event is occurring.
These teams need to be included in a comprehensive incident response plan outlining the steps to take in case of a breach or attack. Cybersecurity incidents take place in minutes, and there is a very short response window to contain the attack – usually less than 15 minutes. As a result, hospitals must have these incident response programs in place to help train IT, clinical and C-suite teams using protocols and immediate action drills to stop an attack before it goes too far. These plans must also be regularly updated and tested to be the most effective.
Beyond Core Infrastructure: Medical Device Protection is a Must
Most healthcare cybersecurity programs, regulations, and best practices have traditionally focused on protecting data and more conventional IT assets, such as servers and networks. This is undoubtedly a critical area for data protection, but in today’s evolving threat landscape, connected medical devices (encompassing any device that connects to a patient and a network including infusion pumps, pacemakers, etc.) are becoming a prime target for cyberattacks with direct safety ramifications.
The conventional cybersecurity mindset must be shifted from data protection to protecting the patient first. As a result, core infrastructure protection technologies will increasingly need to be extended to end-user devices.
For example, it is a common misconception that software is the only thing needed to protect medical devices, but software alone is not a cybersecurity program. A more comprehensive approach to medical device security should encompass all levels of the healthcare organization, and the IT team should review existing policies and procedures to understand the security risks involved with medical devices. In addition to regular software updates, this approach must include robust authentication mechanisms, regular penetration testing, employee training, policy definition, breach detection, medical-device manufacturer cybersecurity risk assessments, and more.
Holistic Cybersecurity: The Way Forward
In conclusion, a holistic cybersecurity approach—encompassing all aspects of operations, from core infrastructure to medical devices and going beyond the IT team—is crucial in the fight against ransomware and cybersecurity threats in the healthcare industry. By taking a proactive and comprehensive approach to cybersecurity, healthcare organizations can minimize risks posed by cybercriminals and ensure the integrity of their operations, as well as the safety and well-being of their patients.
John Gomez is an internationally known healthcare technology and cybersecurity leader, author, and speaker providing cybersecurity expertise and guidance to healthcare organizations for more than 30 years.