Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity NewsHospitals & Medical Centers

Why hospitals can’t ignore this cybersecurity awareness month

By Mike Wolkowicz
Healthcare Data Compliance: Maintaining Integrity, Privacy and Security
October 19, 2020

The level of successful cyberattacks on hospitals has shocked many over the past few weeks. United Health Services’ computer network including patient and clinical data and laboratory systems was taken down, with the organization struggling for days to digitally recover its 400 hospitals. Similarly, Ashtabula County Medical Center in Ohio was taken offline for days and the organization had to postpone elective procedures. Most tragically, a German woman became the first-known person to die at the hands of cyberattack after hackers targeted her hospital with ransomware. The depths of cybercrime are undoubtedly reaching new lows and the threat to patient safety is growing exponentially higher as the line between digital and physical attacks blurs.

Amidst this flurry of high-profile attacks comes National Cyber Security Awareness Month; a poignant reminder that, for hospitals and healthcare providers, cyberattack prevention and business continuity is truly a matter of life and death. Over the course of the pandemic, we have seen ransomware and phishing attacks against healthcare institutions — viewed by cybercriminals as vulnerable and profitable targets — dramatically skyrocket. The trend is only expected to continue, and it is clear that healthcare providers cannot wait to reevaluate their cybersecurity practices and infrastructure at a less burdensome time. But where, in an ever-evolving threat landscape, should healthcare organizations focus their attention?

 

Assess the risk landscape

The most critical step for hospitals is to identify where sensitive data lies within the network and exactly how many devices — from medical wearables to tablets used by clinicians to internet-enabled thermostats — are connecting to the network. In almost all cases, hospitals that conduct this mapping exercise will uncover multiple instances of insecure devices interacting on the network, letting them enforce more effective permission policies for connection. 

From here, it is important to gain a clear understanding of the interoperability workflows and practices that exist within the organization. How does the hospital ensure that sensitive clinical information and assets are only shared with the authorized individuals, quickly and securely? Identity and application security are considered the new network perimeter – the frontline that cybercriminals will attack — so it’s important to control who has access to what systems to limit the potential of attackers to move laterally across the network if they do stake an initial foothold. Establishing this visibility will also enable the hospital to determine which workloads and assets can and should be moved to the cloud for added security and optimized patient care.

 

Invest in employee training

The biggest risk to security for any organization in any industry is its employees. For healthcare organizations, the threat is much higher, as hackers are targeting hospital workers with pervasive phishing attacks that spoof government health organizations and promise critical information related to COVID treatment to trick them into clicking links and downloading malware. It is essential that all employees undergo robust training on security protocols and know how to identify phishing attacks, as well as report suspicious activity as it occurs so security teams can investigate and mitigate potential threats. 

 

Automate cybersecurity controls

Nonetheless, frontline workers are under enormous pressure, and we cannot expect every individual to catch every single attempted cyberattack, especially as they grow in sophistication and increasingly leverage AI and social engineering to manipulate employees. In fact, many of the phishing emails I have seen could even fool a seasoned cybersecurity professional with their high attention to detail. What we must remember is that employee cybersecurity training is just the first line of defense. The second line must be automation. By leveraging automated security management tools, hospitals can greatly reduce the risk of human oversight or error and rapidly respond to potential threats as they emerge. AI-powered security tools have even been shown to spot highly sophisticated cyberattacks launched by nation-state actors and proactively shut them down before they can have any material impact on the target organization. If it takes talent, time and significant resources to attack the hospital, cybercriminals will be less likely to make the investment to attack the hospital in the first place.

In this time of heightened risk, it’s critical that hospitals reassess their cybersecurity practices and infrastructure. Security must be a fluid part of the organization’s strategy that is always evolving in reaction to the changing threat landscape. With clear visibility into all data flows and devices on the network and a robust training program for employees, paired with sophisticated, automated tools to prevent attacks, we can better defend our hospitals’ digital infrastructures as frontline workers protect society’s most vulnerable.

KEYWORDS: cyber security hackers healthcare security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mike Wolkowicz is VP of Security for the Americas at BT.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber security

    Going back to the basics this Cybersecurity Awareness Month

    See More
  • AI-enews

    Why Enterprises Cannot Afford to Ignore AI and Emergent Technology in Their Cybersecurity Strategy

    See More
  • Healthcare Data Compliance: Maintaining Integrity, Privacy and Security

    Three Reasons Healthcare CISOs Can’t Ignore Vendor Compliance

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing