In 2019 cyberattacks cost the healthcare industry USD4 billion, making it the worst ever year for data breaches. If healthcare organizations are to gain ground on modern cyber threats, they must follow certain key security strategies to build much needed cyber resilience.
Here are five security best practices to keep the industry healthy:
Embrace the zero-trust security model
A recent report shows that in the healthcare sector more breaches are caused by internal than external threats. This can be attributed to human error, lapsed security oversight, or intentional abuse of privilege access to sensitive data and systems.
By implementing a zero-trust approach, healthcare organizations can introduce granular controls on network traffic. This takes away the opportunity for modern attackers and internal rogue users to leverage attacks and gain access to sensitive personal health information (PHI) while remaining under the radar.
READ MORE
Adili Group unveils East Africa's cyber training arena to boost cybersecurity
Access to digital skills critical to linking youths with much-needed jobs
Strengthen public digital infrastructure against rising cyber threats
How African varsities can fortify defences against cyberattacks
Zero Trust is an emergent philosophy for information security; a mentality for how to think about cybersecurity and how to do cybersecurity. It is based upon the principle of “trust nothing, verify everything” and focuses on protecting resources regardless of where they are.
Improve your security posture against Ransomware
Ransomware is a devastating weapon in the hands of cybercriminals targeting healthcare, accounting for over 70 per cent of malware outbreaks in the sector.
Such attacks have brought healthcare operations to a grinding halt, paralyzed connected medical devices and systems, and encrypted healthcare records to render them inaccessible by caregivers.
Alongside a next-gen firewall, one of the most effective methods for protecting against ransomware attacks is to use of an endpoint protection solution. Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees, are essential components of every single security setup.
Get around the skills shortage
Lack of personnel with the appropriate cybersecurity knowledge and expertise is one of the major challenges for healthcare service providers. This is especially a headache for those who don’t have a full-time, in-house security expert.
Healthcare organizations that lack cybersecurity resources, should invest in Managed Security Service Providers (MSPs) who can take care of their entire cybersecurity and provide comprehensive protection that is managed from one platform.
Cover blind spots in your digital transformation efforts
Transacting information between patients, caregivers, insurance agencies, and other stakeholders should be seamless and secure. Software-defined networking (SD-WAN), with its flexible architecture, has emerged as a new favorite among healthcare organizations to meet these requirements.
It’s crucial to provide reliable and secure access to classified healthcare data at a time when many hospitals are adopting new technologies like network-connected medical devices, telehealth, and medical apps such as picture archiving and communication systems (PACS).
Next Generation firewalls make it possible to achieve SD-WAN connectivity in line with your security and continuity goals.
Promote cyber awareness
Another major concern for healthcare organisation is the lack of cybersecurity education and poor data privacy awareness among employees.
Having the right cybersecurity culture is important to help reduce healthcare’s high susceptibility to a wide range of sophisticated cyberattacks.
Healthcare organizations should consider running regular awareness campaigns to make their employees, partners, and vendors more aware of the latest cybersecurity scams and phishing tactics, and thus be better prepared to take the right action when they encounter malware or phishing activities.
The writer, Sharon Ombongi, is the Country Manager, Kenya, Sophos.