Over the holidays, a cybersecurity breach at a New Jersey hospital forced the healthcare facility to turn away emergency department visitors and suspend outpatient services. This type of debilitating cybersecurity breach could happen to any health systems at any time across the country. Michael Diamond, Business Reporter for Asbury Park Press and the USA Today network, wrote an article exploring the issue of cybersecurity hackers targeting hospitals. The article features insights from Sese Bennett, virtual Chief Information Security Officer (CISO) for CereCore. Bennett provides insights into the prominence of cybersecurity attacks and how hospitals can protect themselves. Here is a preview of Bennett’s insights.
Why are hospitals a target?
Attackers prey on hospitals because they are aware of how much hospitals have to protect. Often these attackers use ransomware attacks or medical device hacks to invade healthcare facilities. These types of intrusions can impact patient care by halting the hospital’s ability to provide care, and they can also impact the physical well-being of their patients.
What are the attackers looking for?
What cybersecurity attackers are looking for depends on the type of cybersecurity attacker. For instance, state-sponsored hackers are interested in medical information, not necessarily profit. These hackers want to obtain patient information such as names, Social Security numbers, addresses and other contact information.
However, ransomware attackers’ primary motivation is monetary. The attackers encrypt a hospital’s system and require payment in order for the hospital to regain access to their systems and records.
How can hospitals protect themselves?
Hospitals should take a multi-step approach to protection.
1. Master the basics.
Hospitals need to make sure they are doing the basics very well. Basics include using strong access controls and limiting access to the network as much as possible while monitoring systems and networks. This step enables hospitals to discover anomalies within the network.
2. Be proactive.
Don’t let vulnerabilities sit unaddressed. Implement tools such as disaster recovery and business resumption to help discover potential susceptibilities and patch them appropriately.
3. Educate users.
Making sure users are aware of potential security threats and proper cyber behavior is crucial to evading an easily avoidable cybersecurity breach.
As healthcare facilities grow increasingly reliant on technology, cybersecurity breaches need to be treated as a when not an if event. By understanding hackers’ motivations and being proactive about your systems’ vulnerabilities you can be better prepared for a cybersecurity breach. To read more of Sese Bennett’s cybersecurity insights visit.
