As the COVID-19 pandemic unfolds, healthcare organizations are scrambling to ensure the safety and support of patients and staff, while also integrating and learning new technologies to support telehealth practices.
The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the influx of possible security threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released an alert highlighting imminent cybercrime threats to U.S. hospitals and healthcare providers.
To mitigate cyber-related risk, healthcare organizations’ IT leaders must increase visibility by creating accurate application maps that visualize application and network interactions. This allows them to identify impact and mitigate incidents quickly and accurately, before data is stolen or daily operations are compromised.
The recent ransomware attack that targeted numerous U.S. hospitals was carried out primarily through phishing emails, showing that healthcare organizations must be diligent in training hospital system users to not interact with suspicious emails. If all users take this proactive step, they can collectively serve as the first line of defense against malicious actors.
Healthcare organizations should look to hire more IT security experts when they have open positions, or further train existing staff. In a Nutanix survey, IT leaders were asked about their organizations’ in-house security expertise, and half of the respondents said they did not have enough budget to recruit quality staff.
Further, one in three did not feel they had enough training for staff, and close to ten percent indicated they didn’t have enough staff allocated in general. Ensuring healthcare organizations have enough resources and experienced IT staff on board will help prevent and slow threat permeation.
Stop the spread of healthcare IT security threats
In reality, not all cyber threats can be proactively deterred. Healthcare delivery organizations must have a strategy to stop ransomware spread if their network is infiltrated by malicious actors. Investment in detection and containment strategies can help healthcare institutions save both money and resources. While this preparation requires investment upfront, it will help reduce interruptions and recovery costs should an attack occur.
To start, organizations must invest in technologies that constantly scan for unusual behavior within networks. These abnormal behaviors include things like repeated failed authentications, an unforeseen increase in network traffic, or a large volume of file uploads. In addition to behavioral analysis, it’s important to segment data and networks by sensitivity or priority of need.
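The three behaviors named above can be checked with simple per-host rules. The following is an added example, not code from the article or any product it mentions; the thresholds, host names, event format and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Thresholds are illustrative assumptions, not values from the article.
LIMITS = {"auth_fail": 5, "file_upload": 100}  # events per host per WINDOW
WINDOW = 5            # minutes
SPIKE_SIGMAS = 3.0    # spike = above baseline mean + 3 standard deviations

# Constructed sample data (minute, host, kind); not real logs.
SAMPLE_EVENTS = (
    [(m, "ws-014", "auth_fail") for m in (1, 1, 2, 2, 3, 3)]
    + [(m, "ws-022", "auth_fail") for m in (1, 20, 45)]
    + [(10 + i // 60, "ws-014", "file_upload") for i in range(180)]
)
SAMPLE_TRAFFIC = {  # host -> outbound KB per minute (constructed)
    "ws-014": [120, 130, 110, 125, 118, 122, 900],
    "ws-022": [300, 310, 290, 305, 295, 300, 308],
}

def burst(minutes, limit, window=WINDOW):
    """First minute at which `limit` events fall inside `window` minutes."""
    minutes, start = sorted(minutes), 0
    for end, t in enumerate(minutes):
        while t - minutes[start] >= window:
            start += 1
        if end - start + 1 >= limit:
            return t
    return None

def traffic_spike(series, min_history=5):
    """First index whose volume exceeds the baseline built from earlier minutes."""
    for i in range(min_history, len(series)):
        history = series[:i]
        if series[i] > mean(history) + SPIKE_SIGMAS * pstdev(history):
            return i
    return None

def detect(events, traffic):
    """Return sorted (host, alert, minute) tuples for the three behaviors."""
    by_host = defaultdict(lambda: defaultdict(list))
    for minute, host, kind in events:
        by_host[host][kind].append(minute)
    alerts = [(host, kind, m) for host, kinds in by_host.items()
              for kind, limit in LIMITS.items()
              if (m := burst(kinds[kind], limit)) is not None]
    alerts += [(host, "traffic_spike", i) for host, series in traffic.items()
               if (i := traffic_spike(series)) is not None]
    return sorted(alerts)
```

Calling `detect(SAMPLE_EVENTS, SAMPLE_TRAFFIC)` flags only `ws-014`, which trips all three rules; the three scattered login failures on `ws-022` stay below the threshold.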
Micro-segmentation can be used to divide networks and application components into isolated segments, ensuring that the traffic is limited to what’s required to function and can be monitored and controlled. In the event of an attack, micro-segmentation can help limit the spread to a specific segment rather than to the entire organization. When combined, these solutions can help companies detect and then contain threats more quickly.
However, if a ransomware attack does result in the loss of information contained within the network, healthcare organizations should have a disaster recovery plan in place. Investment in disaster recovery-as-a-solution (DRaaS) technologies allows organizations to recover data from the cloud within minutes, rather than hours, days, or weeks, by creating real-time copies of the data that’s stored within the network. A quick response will help limit any disruption to patients and any negative effect on the quality of care.
Build a security-first infrastructure
Looking ahead, as healthcare organizations prepare for another year of uncertainty, IT leaders should also look to ensure the underlying infrastructure supports their security goals, keeping visibility top of mind. For example, a software-defined, hyper-converged infrastructure allows organizations to reduce complexity by simplifying the hardware and software needed to keep applications running and secure, while providing visibility across the network. Additionally, unified hybrid cloud solutions can also provide visibility, as well as the ability to apply uniform security policies across private and public clouds.
Healthcare organizations must work to secure their networks at the source. Through the implementation, segmentation and securing of digital workspaces, the end user’s access to privileged information is limited. For networks using outside applications, managing third-party vendors on separate networks ensures the protection of patient data. Implementing endpoint security controls, anomaly detection, and zero trust models helps protect healthcare organizations from data compromise.
Dealing with healthcare IT security threats
The ongoing large-scale cyber attack against U.S. healthcare organizations shows that health systems can no longer rely on traditional security approaches when it comes to protecting highly sensitive patient data. With COVID-19 further disrupting healthcare IT operations, organizations must be prepared for evolving outside threats that look to take advantage of vulnerable systems.
By increasing visibility into and control over networks, educating and hiring expert staff, and implementing secure remote work practices, healthcare organizations can best protect themselves from the influx of bad actors preying on an already vulnerable period for the industry.