2 Healthcare Hacking Incidents Affect 310,000 Patients
Experts Urge Entities to Bolster Security Now, Before They Become Similar Victims
… “Strengthening security controls should have been on the radars of healthcare organizations for many years now,” says Keith Fricke, principal consultant at privacy and security consultancy tw-Security.
Current challenges in implementing these controls include a national shortage of information security professionals and the effect that COVID-19 has had on hospital budgets and staffing, he says.
“Smaller organizations may have the mindset that ‘it won’t happen to me’; criminals are less discriminate about who they attack – they look for ways to gain unauthorized access to organizations of all sizes,” Fricke says.
… Fricke says cybercriminals have high interest in compromising computer accounts with elevated privileges. Therefore, protecting those accounts with multifactor authentication is essential, he says.
Also, regularly scanning internet-facing systems for vulnerabilities and remediating high-risk findings is critical. “We continue to see healthcare breach metrics point to compromised servers via hacking as the predominant reason breaches occur. Organizations must regularly conduct internal phishing campaigns, track click rates and provide training. Phishing is a primary vector of attack,” he says.
… Organizations should ask their internet service providers what DDoS prevention capabilities they have in place, Fricke says. “Same goes for any organization filtering email through a third-party service.”
… Fricke says that entities should also carefully review their cyber insurance policies. “In these times of conflict, insurance carriers may view cyberattacks as an act of war. Consequently, policy language may exclude coverage with respect to acts of war.”
For more information or to schedule a FREE initial consultation – contact tw-Security.
Read More