How Hospital CISOs Can Tackle Cyber Security Challenges
November 21, 2016. Featured article by Rick DelGado, Independent Technology Author
Cyber criminals are increasingly targeting companies around the world, and the healthcare industry is no exception. With databases full of private health data and other personal information, a hospital system holding anything from lists of BLS certifications to transplant waiting lists is a treasure trove for attackers, whether they break in directly or plant malware. We have seen multiple recent examples of what can happen when attackers gain control of a hospital's systems: incidents that can cost healthcare organizations thousands of dollars and expose thousands or millions of confidential records.
The charge to protect sensitive health records and tackle cyber security risks is led by a hospital's chief information security officer (CISO), a difficult task given the many vulnerabilities of most hospital systems. Many cyber criminals have turned away from the comparatively well-defended systems of the finance and retail industries (no system is unhackable, but those industries have invested heavily in security) to focus instead on the more archaic systems found in healthcare. It has never been more important to have a strong, cohesive plan to fight cyber crime. Here are five things CISOs can do to improve their cyber security efforts.
– Know your systems. Knowledge is power—one of the best ways to fight against a potential cyber security attack is to know your system inside and out. This can be done by regularly assessing the weak points of the system and knowing where the sensitive data and systems are located. Keep your system up to date with regular upgrades and reassessments. By identifying the assets you most want to protect, you will be able to create a strategic plan and keep a better eye on potential attacks.
– Test for weaknesses. Regularly run vulnerability assessments, penetration tests and simulated attacks against your systems to find the most vulnerable areas, including perimeter security, anti-malware and antivirus coverage, backup devices, regulatory compliance, and more. These tests will not only show you where the weak spots are, but also help you prioritize your various risks. Areas that are weaker or that hold more sensitive information can then be at the forefront of the defensive plan.
– Gather information to detect attacks. By its nature, IT produces a great deal of data, so the key is collecting the most pertinent data that could point to an attack in progress: authentication logs, access logs for systems holding patient records, and alerts from endpoint and network security tools. There are a variety of internal and external log collection and monitoring tools on the market (SIEM platforms, for example) that gather this data into a single location and boil it down to the most vital points, making it easier to detect an attack early. Cyber attacks can unfold quickly, so early detection is key to limiting their effects.
– Have an action plan. Knowing the intricacies of your system is worthless unless you have a plan for how to protect your information and what to do in case of an attack. Because cyber security threats are so invasive and numerous, it is often impossible to address every risk. Instead, prioritize and take action against the critical items, and have a plan that all IT employees can easily refer to when something makes it through the cracks. Many hospitals maintain separate plans for different severity levels of attack.
Your plan should include a way to quickly back up and recover data. Ransomware attacks have made this more important than ever: if attackers encrypt or destroy your data, restoring it from a backup they could not reach is the way back, so keep at least one copy isolated from the production network and verify regularly that it can actually be restored. Your plan should also include flow charts of communication, responsibilities, and response times. Test your plan with mock attacks a few times a year to stay on top of current threats and program capabilities.
– Outsource to a cyber security firm. Managing, predicting, and defending against potential cyber security attacks can be a daunting task, especially in a hospital environment with limited resources. A specialized cyber security firm can often devote more resources to protecting your online assets, but the service can be costly. To get the most out of it, many security experts recommend strategically choosing which assets to outsource so that the money goes to the most at-risk areas.
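To make the third item concrete, here is an added example (not code from the article) of what "boiling down" collected data to the vital points can look like once VPN authentication events and EHR record-access audit events are gathered in one place. The log format, hostnames, IP addresses, user names and alert thresholds are all invented for illustration; a real deployment would use the formats its own systems emit and tune thresholds to the hospital's normal activity.

```python
"""Detection pass over constructed log lines from two sources.

Added example, not code from the article. The line format, hostnames, IPs,
user names and thresholds are invented for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: VPN authentication events and EHR record-access audit
# events, already collected into one place. The last line is deliberately
# malformed to show that a bad line is skipped rather than crashing the pass.
SAMPLE_LOGS = """\
2016-11-21T02:03:10 vpn01 auth: FAILED user=jsmith src=203.0.113.7
2016-11-21T02:03:12 vpn01 auth: FAILED user=jsmith src=203.0.113.7
2016-11-21T02:03:14 vpn01 auth: FAILED user=jsmith src=203.0.113.7
2016-11-21T02:03:15 vpn01 auth: FAILED user=jsmith src=203.0.113.7
2016-11-21T02:03:17 vpn01 auth: FAILED user=jsmith src=203.0.113.7
2016-11-21T02:03:19 vpn01 auth: FAILED user=jsmith src=203.0.113.7
2016-11-21T02:03:21 vpn01 auth: OK user=jsmith src=203.0.113.7
2016-11-21T02:05:40 ehr01 access: user=jsmith record=MRN-00017 action=view
2016-11-21T02:05:41 ehr01 access: user=jsmith record=MRN-00018 action=view
2016-11-21T02:05:42 ehr01 access: user=jsmith record=MRN-00019 action=view
2016-11-21T02:05:43 ehr01 access: user=jsmith record=MRN-00020 action=view
2016-11-21T02:05:44 ehr01 access: user=jsmith record=MRN-00021 action=view
2016-11-21T02:05:45 ehr01 access: user=jsmith record=MRN-00022 action=view
2016-11-21T09:15:02 vpn01 auth: FAILED user=ngarcia src=198.51.100.23
2016-11-21T09:15:30 vpn01 auth: OK user=ngarcia src=198.51.100.23
2016-11-21T09:20:00 ehr01 access: user=ngarcia record=MRN-00302 action=view
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>auth|access): (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one raw line into an event dict, or None if it cannot be parsed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    event = {"ts": ts, "host": m["host"], "kind": m["kind"]}
    event.update(dict(KV_RE.findall(m["rest"])))   # user=, src=, record=, action=
    if event["kind"] == "auth":
        event["status"] = m["rest"].split()[0]      # FAILED or OK
    return event


def detect(log_text, fail_threshold=5, fail_window=timedelta(seconds=60),
           bulk_threshold=5, bulk_window=timedelta(minutes=5)):
    """Reduce many events to the few alerts worth a human's attention.

    brute_force         : >= fail_threshold failed logins from one source IP inside fail_window
    success_after_burst : a successful login from a source already flagged for brute force
    bulk_record_access  : one user viewing >= bulk_threshold distinct records inside bulk_window
    Each rule fires once per source or user so a noisy attacker does not flood the queue.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    events.sort(key=lambda e: e["ts"])

    alerts = []
    failures = defaultdict(deque)   # src ip -> timestamps of recent failed logins
    flagged_src = set()
    views = defaultdict(deque)      # user -> (timestamp, record) of recent views
    flagged_user = set()

    for e in events:
        if e["kind"] == "auth":
            src = e.get("src", "?")
            if e["status"] == "FAILED":
                window = failures[src]
                window.append(e["ts"])
                while window and e["ts"] - window[0] > fail_window:   # slide the window
                    window.popleft()
                if len(window) >= fail_threshold and src not in flagged_src:
                    flagged_src.add(src)
                    alerts.append({"rule": "brute_force", "ts": e["ts"], "src": src, "user": e.get("user")})
            elif e["status"] == "OK" and src in flagged_src:
                alerts.append({"rule": "success_after_burst", "ts": e["ts"], "src": src, "user": e.get("user")})
        else:   # EHR record access
            user = e.get("user", "?")
            window = views[user]
            window.append((e["ts"], e.get("record")))
            while window and e["ts"] - window[0][0] > bulk_window:
                window.popleft()
            distinct = {rec for _, rec in window}
            if len(distinct) >= bulk_threshold and user not in flagged_user:
                flagged_user.add(user)
                alerts.append({"rule": "bulk_record_access", "ts": e["ts"], "user": user, "records": len(distinct)})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(a["ts"].isoformat(), a["rule"], {k: v for k, v in a.items() if k not in ("ts", "rule")})
```

On the constructed sample, sixteen events collapse to three alerts: a brute-force burst against the VPN, the successful login that follows it, and the same account then paging through patient records faster than a clinician would. The ngarcia activity (one typo, then a normal login and one record view) produces nothing, which is the point: the value of collection lies in what it lets you ignore as much as in what it surfaces.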
Even with all of the planning and testing, no system is completely immune to a cyber attack. A CISO-led plan to prevent attacks and minimize damage if they do occur can be instrumental in protecting the private information of your business and patients.
by Rick DelGado, Independent Author
“I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of writing. I’ve started doing freelance writing and I love to write about new technologies and how they can help us and our planet.” – Rick DelGado