Cyberattacks on Hospitals: Top Lessons from Critical Infrastructure Breaches

Stay up to date on our latest blogs and content

Subscribe

By Jeff Bell | May 14, 2021

2 minute read EHR/EMR| Blog

The lessons learned from analyzing breaches in 2020 has underlined the need for healthcare providers to double-down on security. The recent Colonial Pipeline attack has, once again, demonstrated the vulnerability of US corporations to ransomware attacks and the significant impact to patients, businesses and our communities.

In a recent Briefings from HIPAA article, I was asked to weigh in on the 2021 Breach Barometer from Protenus. There certainly is progress being made, there are a few key takeaways from this and the latest attack for healthcare IT leaders to be aware of:

  • Fewer patients were impacted from a higher number of overall breaches according to the Protenus report. This is evidence that progress is being made in cybersecurity programs.
  • Work from home has opened new security gaps. In the rush to implement and expand capabilities in response to the COVID-19 crisis, shortcuts were possibly taken that violated security best practices. Examples include:
    • Using older laptops with unsupported operating systems
    • Permitting use of personal devices to access the corporate network
    • Loosening security posture requirements for remote connections
  • Hospitals and healthcare often lack enough qualified security professionals to perform all that is needed for a strong security posture, including patching, periodic and consistent vulnerability and penetration testing, monitoring of networks and systems, investigation of security events, and incident response. (See the NIST Cybersecurity Framework for a more complete list of essential security functions.

The recent Colonial Pipeline attack has elevated national impact due to the role of Colonial in the US critical infrastructure. Likewise, the over 400 hospitals and thousands of healthcare sites where CereCore provides IT services are also a component of the US critical infrastructure.

Cybersecurity Guides and Resources:

In support of our customer’s security efforts and all US health systems, I’ve compiled a list of helpful cybersecurity guides and resources.

I hope you find these resources helpful to protect your own organization from cybersecurity risk. If we can be of any assistance in helping your health system inventory and analyze your IT infrastructure or supplement your security efforts, our teams are available for a conversation.

About the Author:
Jeff Bell

CISO, Advisory Services, CereCore

Put Us to Work

Let us know how we can support your initiatives and take some of the heavy lifting from healthcare IT.

Untitled-4