The healthcare industry has seen a significant increase in ransomware attacks in the past few years, with a 94% increase in the last year alone. The amount of patient data collected, and the rapid technological development happening in the industry, make it an attractive target, notably when combined with small cybersecurity budgets. Sophisticated cyber actors leveraging common management tools make recent attacks hard to spot, as their activity is challenging to distinguish from legitimate business activities.
Zero-trust network access (ZTNA) is the first step to preventing these types of attacks. This means that no one from inside or outside the organisation is trusted on the network, and any access to data or resources must include verification and authorisation. Multi-factor authentication (MFA) is a good place to start, as it requires additional authentication beyond username and password credentials. Additionally, ensure that only those users who truly need access to data and systems have it, following the principle of least privilege. The fewer entry points into a network, the better.
Assessments are key to improving cybersecurity within a healthcare organisation, especially when working with a tight cybersecurity budget. It is much easier to determine where to focus limited resources when it is clear where the weaknesses or vulnerabilities are, and when there is an understanding of the cyber risk to the data, systems, or processes that are critical to protect. Automation can assist in making the most of limited resources, including implementing automated endpoint device configurations and patch management. Making endpoints more resilient will assist in eliminating weaknesses in a network, as most ransomware attacks start with access to a single endpoint.
It is more important than ever that the healthcare industry prioritise cybersecurity in order to protect sensitive patient data and continue operations without disruption in an increasingly digital healthcare world.
Healthcare CISOs and their teams need to consider the following strategies for getting started:
Get a compromise assessment done first and consider an incident response retainer.