Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementAccess ManagementHospitals & Medical Centers

3 steps to lay the foundation for stronger healthcare managed defense

By John Whetstone
medical professionals looking at computer

Image via Unsplash

February 6, 2023

Healthcare organizations (HCOs) today are tasked with juggling multiple priorities — striving to achieve the ultimate trifecta of rapid innovation, regulatory compliance and highly effective cybersecurity — all while delivering the best possible health outcomes.

To be successful in this age of digital transformation, HCOs are increasingly turning to cloud technology to make it all happen. Yet, many don’t have the required experience to manage these new systems and ensure highly sensitive and valuable patient data that’s been migrated to the cloud remains secure on their own. Instead, many organizations choose to invest in managed cybersecurity services as a force multiplier for their existing cyber defense teams. 

In fact, Gartner estimates that the managed detection and response (MDR) market will reach $2.15 billion in revenue in 2025, up from $1.03 billion in 2021. And according to ClearDATA’s research, most larger provider organizations and those with more advanced cloud maturity outsource their security and compliance solutions, with as many as 80% of HCOs delegating some degree of their cybersecurity processes.

But that doesn’t mean HCOs are off the hook when it comes to cybersecurity. To get the best results and ROI from their managed defense investment, organizations must take the time to truly understand their existing cybersecurity posture and establish strong internal processes at every level of the company.

Here are three steps every HCO should follow to lay the foundation for stronger managed cyber defense:

Evaluate an organization’s strengths and weaknesses

No matter how committed an HCO is to protecting itself, no cybersecurity program is perfect. That’s why every organization’s journey must start with one crucial first step: clearly defining an organization’s strengths and weaknesses.

An HCO, likely already conducts security risk assessments (SRAs) to better understand an organization’s cybersecurity readiness. Begin by reviewing the findings from past SRAs to identify exactly where an organization excels, and what vulnerabilities may need additional support. Two key areas to drill into are the technologies and processes used to secure a workforce’s digital identity and cloud service adoption roadmap. These two areas are tightly coupled as an employee’s corporate digital identity serves as their access pass to the organization’s cloud services. 

For many HCOs, there are two primary areas where they fall short, leaving themselves vulnerable to malicious cyberattacks: a lack of modern security awareness training, which often leads to mistakes allowing threat actors to compromise the corporate digital identity of under-informed employees; and out-of-date software and applications that have been “lifted and shifted’ from the data center and into the cloud.

Invest in up-to-date workforce security training

The unfortunate truth is that many cybersecurity incidents and breaches are the result of human error — in all industries. Even the most rigorous cybersecurity processes and market leading tools provide little to no utility if an employee continually reuses credentials associated with publicly disclosed breach data, utilizes weak passwords, clicks every link in every email or leaves their laptop accessible in a public space, where prying eyes can potentially gain access to valuable data.

The first step for CIOs and CISOs is to screen their workforce. Confirm that team members are trustworthy by conducting background checks. Enroll them in cybersecurity training upon employment. Throughout the year, evaluate their performance and IT hygiene to confirm they are following the cybersecurity best practices on which they were trained.

Ensure that whichever security training program invested in is up-to-date and covers cybersecurity best practices that are based on the current threat landscape. For example, training programs should include a focus on preventing phishing attacks, which have historically served as the biggest problem for organizations in any industry. Today’s sophisticated phishing attacks resemble actual emails, and for many non-technical users, these emails may appear to be genuine. An entire organization should be able to recognize, avoid and report potential phishing attacks.

Lastly, don’t be afraid to enlist internal security teams or a managed cybersecurity partner to conduct phishing simulations against an organization. It’s been said that a good offense is the best defense. This adage applies directly to the realm of cybersecurity and can help to pinpoint users who need additional training and monitoring to keep their corporate digital identity secure. Also, keep in mind that while multi-factor authentication (MFA) is a necessary and valuable technology in the event credentials have been compromised, it isn’t always enough. Many modern red team training courses teach numerous techniques for bypassing MFA. Malicious threat actors utilize these same techniques, so ensure that they are included in simulations and cover how to spot them in employee security awareness training. 

There isn’t room for excuses, it’s time to patch software vulnerabilities

If anything was learned in the last two years, it’s that phishing isn’t the only way modern threat actors are wreaking havoc on HCOs worldwide. Initial access via exploitation of software vulnerabilities such as Log4shell and the slew of Microsoft OS and Exchange flaws have been highly targeted by immature and sophisticated threat actors alike. In fact, during the first half of 2022, ClearDATA witnessed tens of millions of attempts to exploit vulnerabilities in cloud hosted applications leveraging the Log4J software. 

While clinical systems are often fragile, production web applications and databases must be resilient and facilitate regular updates and patches. Organizations should make like Robert Frost and avoid what appears to be the simplest path to the cloud, which is often referred to as “lift and shift.” Not taking the time to refactor an application to utilize modern cloud native deployment strategies and technologies to build highly resilient and secure applications does both the organization and the individual’s sensitive data promised protection a great disservice. 

No matter whether an organization chooses to utilize virtual machines, containers or serverless technology in the cloud, there must be a solid strategy for hardening and updating these workloads.

KEYWORDS: compliance tools data protection healthcare cybersecurity phishing ROI

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John Whetstone is the Vice President of Managed Cybersecurity Services at ClearDATA. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Insights on Emergency Management

    3 Simple Steps to Address Patient Violence in Healthcare Facilities and Hospitals

    See More
  • healthcare-freepik1170x658v57.jpg

    3 steps to securing healthcare networks

    See More
  • enterprise wide cybersecurity training

    The first line of defense: Why employees are the key to stronger cybersecurity

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • 150 things.jpg

    The Handbook for School Safety and Security

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!