Securing the Castle: Protecting Hospitals in the Digital Age

February 10, 2021

Imagine you had a time machine that allowed you to travel back to the days when knights actually wore armor and damsels were occasionally in distress. In this era, you might eventually happen across a massive fortress-like structure, fortified in stone and surrounded by water. You immediately recognize it as a castle, complete with moat and drawbridge; and, unless you get an invite from the local lord, you’re probably going to have a difficult time getting an inside tour.

High towers, thick stones and surrounding water traps were the cutting-edge means of protecting a building back in the Middle Ages. Today, however, the methods of attack are ingeniously sophisticated, and we must erect new defenses to match the threat. That is especially true when it comes to large institutions with lots to lose, like hospitals.

The Threat is Real and Growing

Make no mistake; the American healthcare industry is under attack. Foreign and domestic actors are doing all they can to compromise patient privacy and corrupt data integrity for reasons ranging from greed to . . . well, greed! Spyware, malware and ransomware are ubiquitous. Hospitals are hit every day with such threats; and, unless the facility has strong firewalls and well-followed protocols, their data will be breached. It’s like a hacker having the ability to virtually command the castle guard to lower the drawbridge.

I know what you’re thinking. This is old news! After all, you’ve been protecting your processes and information since going digital. You started off by installing McAfee or some other antivirus application. You then created an IT department and even conferred with a cybersecurity consultant; and that’s all great! However, you might not realize how coming changes within the healthcare industry will only add to hospital vulnerabilities.

Hospitals will be increasingly reliant upon digitization in the months and years to come. This is the crux of the issue. The utilization of virtual medicine is expected to rise this year and in the years ahead—one of the many side effects of the coronavirus event. Out of necessity, people were thrust into the telehealth world and found it convenient, if not preferable. If this trend continues, there will be just that many more opportunities for the hacker to gain access to digitized information. In addition, the increasing use of robotics and artificial intelligence (AI) in the years ahead will give these cyberwarriors more targets to attack. These attacks, however, will not just threaten privacy but will hit at the very heart of the hospital’s core mission—the ability to fully harness its latest healing technologies.

InfoSecurity Magazine is reporting that 11 hospitals in the U.S. were recently attacked by cyber actors, which resulted in the release of personal data pertaining to thousands of patients and employees—yes, employees. According to international IT security provider Check Point, “cyber-attacks on global healthcare organizations surged by 45 percent in the final two months of 2020 versus the previous two months, more than double the rate of those targeting other sectors.” So, the threat is real. The question is, what can hospitals do about it?

Reimagining Your Defenses

The moat and retracted drawbridge worked fine in the days of horse-mounted marauders; but, in this new age of sophisticated software and cloud-driven technology, new defense mechanisms will need to be designed and deployed. And this process must be continual. The bad guys never stop thinking of new ways to defeat your firewalls, and so the good guys must always be ready to respond with increasingly effective counter-measures.

So, what specifically can hospitals do to weather the storm that is sure to come from outside agents? Here are a few suggestions to get the ball rolling:

Undertake an audit of your current cyber-defense status. Determine where the potential gaps might be found.

Commit to investing the necessary resources in cybersecurity. In other words, the CFO and the board of directors will need to bite the bullet and do what they must to protect the facility from the inevitable attacks. That means bolstering IT staff and investing in new systems, if required. Hire proven leaders in cyber-defense who are committed to, and can be trusted with, keeping abreast of the latest threats and defense strategies.

IT staff should consider creating a mapping system that allows an optimized visualization of application and network interactions. According to one healthcare strategist, this will allow staff to identify breaches and mitigate incidents quickly and accurately, before data is stolen or daily operations are compromised.

Training and retraining and more training of all facility employees in security protocols should be undertaken. The hospital must create a culture of healing first, but security second. Security must become a watchword, always in the foreground, front and center.

Consider containment strategies designed to limit the damage. Healthcare strategist Cheryl Rodenfels wrote in January:

“Micro-segmentation can be used to divide networks and application components into isolated segments, ensuring that the traffic is limited to what’s required to function and can be monitored and controlled. In the event of an attack, micro-segmentation can help limit the spread to a specific segment rather than to the entire organization.”

These are a few ideas that facilities should consider as initial steps in securing the castle. You know the enemy is coming. Are you set up for a sound defense?
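
The mapping and micro-segmentation suggestions above can be combined in a few lines. The sketch below is an added example, not part of the original article or any vendor's product: it builds a segment-level interaction map from flow records, flags traffic that a default-deny segment policy does not require, and computes how far a compromise of one segment could spread. All host names, segments, ports and flow records are constructed for illustration.

```python
from collections import Counter

# Constructed inventory: host -> segment (hypothetical names).
SEGMENT_OF = {
    "ehr-web-01": "ehr-web", "ehr-db-01": "ehr-db",
    "pacs-01": "imaging", "infusion-pump-17": "med-devices",
    "pump-gateway": "device-gw", "hr-laptop-22": "office",
}

# Default-deny policy: the only (source segment, destination segment, port) edges required.
ALLOWED = {
    ("ehr-web", "ehr-db", 5432), ("med-devices", "device-gw", 8443),
    ("device-gw", "ehr-web", 443), ("office", "ehr-web", 443),
}

# Constructed flow records: (source host, destination host, destination port).
FLOWS = [
    ("ehr-web-01", "ehr-db-01", 5432),
    ("ehr-web-01", "ehr-db-01", 5432),
    ("infusion-pump-17", "pump-gateway", 8443),
    ("hr-laptop-22", "ehr-web-01", 443),
    ("hr-laptop-22", "ehr-db-01", 5432),       # office straight to the database
    ("hr-laptop-22", "infusion-pump-17", 23),  # office to a medical device
    ("rogue-box", "pacs-01", 445),             # host missing from the inventory
]

def interaction_map(flows):
    """Count observed flows per (source segment, destination segment, port)."""
    seg = lambda host: SEGMENT_OF.get(host, "UNKNOWN")
    return Counter((seg(s), seg(d), p) for s, d, p in flows)

def violations(flows):
    """Observed edges the policy does not allow (same known segment is permitted)."""
    same = lambda e: e[0] == e[1] and e[0] != "UNKNOWN"
    return sorted(e for e in interaction_map(flows) if e not in ALLOWED and not same(e))

def blast_radius(start):
    """Segments reachable from a compromised segment using only allowed edges."""
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        for src, dst, _ in ALLOWED:
            if src == cur and dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return seen

if __name__ == "__main__":
    print("violations:", violations(FLOWS))
    print("reach from office:", sorted(blast_radius("office")))
```
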

If we at MiraMed Global Services can assist you in this critical area, please reach out to our experts at info@miramedgs.com.