
A 3-step approach for healthcare organizations to elevate cybersecurity

By Jay Abdallah
November 10, 2021

The immense horizons of digitalized healthcare are shining bright — but dark clouds do exist.

Perhaps the biggest concern is cybersecurity, and for good reason. According to the HIPAA Journal, healthcare organizations experienced a 25% increase in breaches in 2020, with 642 large breaches reported and 29 million records affected. Meanwhile, an Ipsos study found that 48% of U.S. hospitals have had to shut down networks in response to or to prevent cyberattacks, and these shutdowns cost between $21,500 and $45,000 per hour.

Fortunately, healthcare organizations are responding. Cybersecurity awareness is growing. But converting that awareness into action — the correct action — must happen urgently.

This article presents three steps that every healthcare organization should take to elevate cybersecurity, drawn from decades of experience protecting critical infrastructure around the world, from oil & gas plants to airports to power grids.

Step 1: Assess where you are — but don’t stop there

The first step is deceptively simple: Where are your vulnerabilities? Yes, it’s straightforward, and it’s usually easy to take this first step. The challenge is that many people stop here.

Most organizations follow all the best practices for assessments — defining their system, testing vulnerabilities, creating zones and conduits, analyzing risk and documenting their process.

But then, nothing happens. Perhaps seeing the full solution laid out feels daunting, but so is the average cost of a data breach in the U.S. healthcare industry: $8.64 million, according to an IBM study. There’s no sugarcoating it — it will take time and resources to take the next step. But will it cost nearly nine million dollars?

Step 2: Fix the issues you find in the assessment — quickly

Once an organization has committed to acting on Step 1’s findings, the priority needs to be speed. Think about implementing countermeasures over a span of days and weeks, not months and years. But how? And with whom? If cybersecurity isn’t your organization’s forte, it’s worth partnering with an experienced vendor. Here are two good questions to ask potential cybersecurity service partners:

  1. Do you manufacture the technology you’re trying to protect?
  2. Do you have domain expertise in healthcare?

The first question is about hardware expertise. Many cybersecurity consultants are far more comfortable in the world of IT than in operational technology (OT). However, hospitals are full of connected OT devices, from room-controlling thermostats to humidity and air quality sensors. Each of these could be a backdoor into a network, and cyberattackers often exploit these overlooked OT devices. Without solid knowledge of OT devices, your vendor may only optimize one half of the IT/OT integrated network.

The second question is about compliance. Requirements for data management practices and building system criticality are different for hospitals than they are for just any commercial building. These healthcare-specific requirements will surely factor into your assessment. One objective that your vendor should target is to achieve a minimum Security Assistance Level 1 compliance with the IEC 62443 standard. If you have no idea what that means, that’s okay — just make sure your vendor does.

Step 3: Monitor your system 24/7 — and do it with managed services

There’s no “set and forget” for cybersecurity programs. Cyber threats change by the minute. Do you have in-house resources to monitor and respond to every escalation of privileges? Or can you review every modification of an important file?

If not, having a managed service partner just a phone call away — with the ability to show up on-site if needed — takes the pressure off of an organization. Managed services often involve a combination of human and AI-powered monitoring to secure organizations.

Often, the difference between a breach and an attempted breach is the speed of the response. With human and machine intelligence monitoring your system, you can act much faster.

Magic tricks 

Following these three steps is a proven roadmap for elevating cybersecurity.

I know these steps are easier said than done. Trust me, if we could simply press a button and make all the cyber threats vanish into thin air, we would. Unfortunately, there are no shortcuts or magic tricks in the pursuit of cybersecurity. It takes steady, methodical focus.

The good news is, you don’t need in-house cybersecurity expertise to achieve expert cybersecurity. All you need is a firm commitment to act.

By taking these three steps — all of them! — you’ll elevate safety and security, minimize risk and protect business continuity. That way, you can forge ahead into the new world of digitalized healthcare with confidence.


Jay Abdallah is the Vice President, Cybersecurity Services at Schneider Electric, a cybersecurity managed services provider.
