Fortified releases Mid-Year Healthcare Cybersecurity Horizon Report

Fortified Health Security releases Healthcare Cybersecurity Mid-Year Horizon Report covering medical device security, ransomware attacks (WannaCry / Petya), and more.
Fortified Healthcare Cybersecurity Mid-Year Horizon Report Mockup


Focus on steps healthcare organizations should take to improve their cybersecurity posture to arm themselves against future attacks

Fortified Health Security, a leader in information security, compliance and managed services, focused solely in the healthcare industry, has released a mid-year update to its annual Healthcare Cybersecurity Horizon Report. This extensive report is released at a critical time for healthcare organizations when cybersecurity attacks, like WannaCry and Petya, are on the rise. The report details the urgent state of cybersecurity in healthcare, increased threats, predictions and steps that organizations should take to improve their cybersecurity posture, including the significance of addressing the emerging issue of medical device security.

“2017 continues to pose significant uphill challenges for the healthcare industry when it comes to safeguarding patient data,” said Dan L. Dodson, president of Fortified Health Security. “Threats like WannaCry and Petya can be avoided by following the fundamentals of a strong cybersecurity program. The Horizon Report details what healthcare organizations can do moving forward to better protect themselves from future attacks.”

What to Know About Cybersecurity

2017 Mid-Year in Review

The Horizon Report provides a review of predominant cybersecurity issues and breaches faced by healthcare organizations thus far in 2017, including the prominence of ransomware in these attacks. These attacks are happening faster than in 2016 and proving that there is still much work to be done to protect personal health information.

“These breaches are coming at a time when patients are starting to act more like consumers, forcing healthcare organizations to guard their reputations, develop strategies for better patient engagement and provide increased amounts of sensitive data to multiple interconnected devices,” said Dodson. “Recognizing the potential impacts of a breach on your organization before one occurs is important as many health systems only start investing in cybersecurity after they have been negatively impacted by an incident, and at that point, it may be too late for some patients.”

Cybersecurity Task Force Report Findings

The report also details key findings from the Cybersecurity Task Force Report that was released on June 2, 2017. The report states that most healthcare organizations lack sufficient financial resources, struggle with retaining in-house information security expertise, and don’t have the infrastructure to identify and track threats – much less analyze and act based on the information – and are likely running unsupported legacy systems that cannot be supported.

“The task force’s report paints a clear picture of a healthcare industry that has rapidly digitized in the last ten years without significant investment in cybersecurity,” said Dodson. “The balance between providing real-time data to physicians at the point of care in a minimally disruptive manner, coupled with the charge for interoperability, has left the healthcare market more connected and more vulnerable to attacks than ever before.”

Best Prevention = Proactive Measures Around People, Process & Technology

The Horizon Report provides recommendations for the best preventive measures that healthcare organizations can take that focus around people, process and technology. The “people” factor must be addressed and continually measured to increase effectiveness. The report also explains how there must be processes in place around backups, incident reports, breach notifications, and disaster recovery. Technologies such as Security Information and Event Management (SIEM), Data Loss Prevention or Intrusion Prevention Systems (IPS) can be leveraged to identify and even react to a ransomware attack as it is happening.

“The best prevention against WannaCry or any attack are proactive security measures around people, process and technology,” said Dodson. “An in-depth defensive strategy will position organizations with a multi-layered, multi-faceted approach that will reduce your surface exposure exponentially.”

>> Download Fortified Health Security’s Mid Year Horizon Report here.