AT&T : Cybersecurity in the Healthcare Industry

Cybersecurity in the Healthcare Industry: The Best Defense is Offense

Most of us get an annual physical to ensure we're in good health. So too should healthcare organizations regularly conduct a check-up of their cybersecurity plan. Cybercrime is one of the biggest threats the healthcare industry faces. Yet, many organizations aren't prepared to handle cyberattacks.

Just look at recent headlines. A ransomware attack earlier this year brought a major healthcare system to its knees, crippling its services for 4 weeks. And that was just one of many since the start of the pandemic. Ransomware attacks on the healthcare industry are becoming more frequent and costly. In fact, Cybersecurity Ventures predicts ransomware attacks on healthcare organizations will grow 5X before end of year. And another report shows healthcare cyberattacks doubled in 2020.

'The impact of COVID-19 has created more opportunities for malicious actors to target organizations in many industries, especially healthcare,' said Bindu Sundaresan, director of AT&T Cybersecurity. 'Healthcare organizations have expanded their remote system access and management but are challenged in keeping up with protecting sensitive information from malicious actors.'

Other reasons the healthcare industry is a growing target for cybercriminals include:

• Hospitals store an incredible amount of confidential patient data that's worth a lot of money to hackers.
• Connected medical devices are also an easy entry point for attackers. These devices can be used to launch an attack on a server that holds valuable information.
• Oftentimes, outdated technology means an organization is unprepared for attacks.

So, what's the first step in creating a cybersecurity strategy? It's a cliché, but the best defense is offense. A healthcare provider must adopt a security-first mindset. A potential data breach should be viewed as a 'when' not an 'if' occurrence.

'Business is not static, and neither are the solutions that enable and protect it,' added Sundaresan. 'As a business evolves, so too must the operations and security solutions that protect it. Today, a cybersecurity strategy needs to be nimble to match the pace and dynamic modeling of the business it is protecting.'

In addition to best practices like planning for the unexpected, using firewalls, installing and maintaining anti-virus software, and controlling access to protected health information, there are several cybersecurity services a healthcare organization can use to help make its network more resilient to cyberattacks:

• Cybersecurity consulting services - These address the essentials of security with a multi-layered approach and can help healthcare organizations with:
  • Risk posture assessments
  • Effective vulnerability management
  • Security compliance (HIPAA, HITRUST)
  • Cybersecurity IQ training
• Endpoint security - These solutions help protect organizations' laptops, desktops, servers, and mobile devices.
• Network security - These services help protect and connect users, data, and apps on-site, remotely, or in the cloud.
• Threat detection and response - These solutions provide continuous security monitoring, incident investigation, and incident response

With today's evolving threat landscape, many organizations can't keep up with fighting against cybercrime. They realize it's not their core competency. Some organizations are turning to fully managed cybersecurity solutions, like Distributed Denial of Service (DDos) Defense and Managed Threat Detection and Response. DDoS attacks are among the most disruptive activities passing over the internet. In a DDoS attack, multiple devices are used to overwhelm a targeted server with requests and take web applications offline. These attacks can cost a company time and money. With a fully managed DDoS defense service, potential attacks can be detected and mitigated.

All these solutions can help guide a healthcare organization's journey to cyber resiliency. But that means making cybersecurity a fiscal, technical, and operational priority. What's your organization's cybersecurity game plan? Perhaps the best place to start is with a check-up.