A strong cybersecurity framework guards against the most prominent cyber threats in healthcare, but this framework should also be scalable to meet new threats. In the first quarter of 2021, the healthcare industry faced several new types of attacks, and organizations need to step up their security practices to meet these threats.
By staying aware of the latest cyber attacks in healthcare and prepping your security team, your organization can keep a step ahead of today’s cyber criminals. Here is what every healthcare organization should know about the latest healthcare threats and measures to respond.
What to Know About Cyber Health Care Threats
What Are the Most Recent Cyber Threats in Healthcare?
Cyber criminals are using increasingly sophisticated tactics to access healthcare data, and this is occurring on a global scale. This year has already seen several new types of healthcare cyber attacks, as malicious actors target organizations from new angles. Below are a few attacks that have made headlines in the past few months.
- Cloud Vendor Attacks: Cloud computing is a secure alternative to local data storage. However, cloud vendors are not immune to cyber attacks. Recent reports highlight ransomware attacks against several cloud hosting services.
In this attack, the cyber criminal compromises healthcare records and demands a ransom in exchange for the data. The Department of Health and Human Services’ Office for Civil Rights (OCR) has linked breaches of hundreds of thousands of patient records to this group of attacks.
- Targeted Phishing: Phishing attacks have long been a threat to the healthcare industry and cyber criminals continue to polish this tactic. Industry reports show a new type of phishing attack that targets unemployed professionals on LinkedIn. The emails contain links to available, yet fake, job postings. When the victim clicks the link, the script takes over the user’s computer.
This particular attack uses the “more eggs” script, which initially surfaced in 2019. However, there are plenty of phishing attacks that act in a similar fashion. As the pandemic makes workers more vulnerable to these types of scams, healthcare organizations need to be aware of the risk of phishing. One stray click could compromise an entire system.
- ePHI Exposure: Electronic protected health information (ePHI) is at the center of healthcare cybersecurity, and hackers are engineering new attacks to obtain this data. A group of recent cyber attacks involved a vendor whose employee uploaded ePHI to the website GitHub, potentially exposing information like patient names, addresses, social security numbers, healthcare data, and dates of birth. Several attacks of this nature have happened in the past several years, emphasizing the importance of healthcare vendor security and empowered third-party relationships.
News of recent cyber attacks can be overwhelming, and it can feel impossible to stay on top of all the latest threats. However, organizations can guard themselves against present and future threats with a comprehensive approach to cybersecurity. The key is to act proactively and invest in professional support.
What Steps Can Healthcare Organizations Take?
Your organization’s cybersecurity program needs to be comprehensive and flexible enough to handle the latest cyber threats. Fortunately, revisiting security protocols and working with a skilled cybersecurity consultant will help make sure that your solutions are up to date. Here are a few steps you can take today to fortify your security program against these malicious actors.
- Prioritize Cloud Security: Around 83% of healthcare organizations currently use cloud computing services, and this number is set to increase over the coming years. That means that the cloud is an ever-growing target for cyber criminals. Healthcare organizations need to be sure that their cloud security programs are up to par, while paying close attention to factors like IoT cloud security. Safeguarding your cloud services and vetting third-party cloud providers strengthens the barriers around ePHI.
- Run a Managed Phishing Attack: Your organization cannot control phishing attacks, but you can improve how your employees respond to these threats. Healthcare organizations should work with cybersecurity firms to run managed phishing attacks, and educate employees on recognizing phishing attempts. Posting notices about recent phishing attacks, like the one mentioned above, can provide even more details about what employees should look for in their email inboxes.
- Focus on Third-Party Risk Management: Most healthcare organizations work with third-party vendors to complete daily tasks. From IoT device manufacturers to email providers, all of your vendors’ security practices affect the overall security of your organization. A third-party risk assessment program is a must-have tool for vetting and managing vendor partnerships. So, consider adding this program into your cybersecurity framework if you have not already.
- Review Your Incident Response Plan: When it comes to healthcare cybersecurity, prevention is most of the battle. However, security breaches do happen, and how your organization responds makes all the difference. Take the time to review your IT team’s incident response plan regularly. It is also worth working with a cybersecurity consulting firm to review this plan and adjust your protocol based on your organization’s needs. Following best practices and documenting the incident based on federal regulations is part of mitigating the damage from cyber incidents.
News of recent cyber attacks can be daunting for healthcare organizations of all sizes. However, prevention is vital when facing new and existing threats. Healthcare facilities need to approach cybersecurity from all angles. Cloud security, managed phishing, third-party risk assessment, and incident response are only parts of the complete picture.
Working with an experienced cybersecurity firm will take your healthcare organization’s security program to the next level. These professionals will assess your organization’s vulnerabilities and recommend the best security services to protect against malicious actors. Remember, cybersecurity is not a one-size-fits-all approach, nor is it a one-time fix. Healthcare cybersecurity requires ongoing diligence to protect patient data.
Are you ready to transform your organization’s cybersecurity program? The team at Fortified Health Security offers threat assessment, healthcare security operations, and advisory services for healthcare organizations of all sizes. Based in Franklin, TN, our specialists are well versed in the latest healthcare attacks and mitigation best practices. Contact us today to start building and modernizing your security ecosystem.