The level of successful cyberattacks on hospitals has shocked many over the past few weeks. United Health Services’ computer network, including patient and clinical data and laboratory systems, was taken down, with the organization struggling for days to digitally recover its 400 hospitals. Similarly, Ashtabula County Medical Center in Ohio was taken offline for days and the organization had to postpone elective procedures. Most tragically, a German woman became the first-known person to die at the hands of a cyberattack after hackers targeted her hospital with ransomware. The depths of cybercrime are undoubtedly reaching new lows, and the threat to patient safety is growing exponentially as the line between digital and physical attacks blurs.

Amidst this flurry of high-profile attacks comes National Cyber Security Awareness Month, a poignant reminder that, for hospitals and healthcare providers, cyberattack prevention and business continuity are truly a matter of life and death. Over the course of the pandemic, we have seen ransomware and phishing attacks against healthcare institutions — viewed by cybercriminals as vulnerable and profitable targets — skyrocket. The trend is only expected to continue, and it is clear that healthcare providers cannot wait for a less burdensome time to reevaluate their cybersecurity practices and infrastructure. But where, in an ever-evolving threat landscape, should healthcare organizations focus their attention?

 

Assess the risk landscape

The most critical step for hospitals is to identify where sensitive data lies within the network and exactly how many devices — from medical wearables to tablets used by clinicians to internet-enabled thermostats — are connecting to the network. In almost all cases, hospitals that conduct this mapping exercise will uncover multiple instances of insecure devices interacting on the network, which lets them enforce more effective permission policies for connection.

From here, it is important to gain a clear understanding of the interoperability workflows and practices that exist within the organization. How does the hospital ensure that sensitive clinical information and assets are shared only with authorized individuals, quickly and securely? Identity and application security are considered the new network perimeter — the frontline that cybercriminals will attack — so it’s important to control who has access to which systems, limiting attackers’ ability to move laterally across the network if they do gain an initial foothold. Establishing this visibility will also enable the hospital to determine which workloads and assets can and should be moved to the cloud for added security and optimized patient care.

 

Invest in employee training

The biggest risk to security for any organization in any industry is its employees. For healthcare organizations, the threat is much higher, as hackers are targeting hospital workers with pervasive phishing attacks that spoof government health organizations and promise critical information related to COVID treatment to trick them into clicking links and downloading malware. It is essential that all employees undergo robust training on security protocols and know how to identify phishing attacks, as well as report suspicious activity as it occurs so security teams can investigate and mitigate potential threats. 

 

Automate cybersecurity controls

Nonetheless, frontline workers are under enormous pressure, and we cannot expect every individual to catch every single attempted cyberattack, especially as attacks grow in sophistication and increasingly leverage AI and social engineering to manipulate employees. In fact, many of the phishing emails I have seen could even fool a seasoned cybersecurity professional with their high attention to detail. What we must remember is that employee cybersecurity training is just the first line of defense. The second line must be automation. By leveraging automated security management tools, hospitals can greatly reduce the risk of human oversight or error and rapidly respond to potential threats as they emerge. AI-powered security tools have even been shown to spot highly sophisticated cyberattacks launched by nation-state actors and proactively shut them down before they can have any material impact on the target organization. If it takes talent, time and significant resources to attack the hospital, cybercriminals will be less likely to make that investment in the first place.

In this time of heightened risk, it’s critical that hospitals reassess their cybersecurity practices and infrastructure. Security must be a fluid part of the organization’s strategy that is always evolving in reaction to the changing threat landscape. With clear visibility into all data flows and devices on the network and a robust training program for employees, paired with sophisticated, automated tools to prevent attacks, we can better defend our hospitals’ digital infrastructures as frontline workers protect society’s most vulnerable.