A person trying to hack into a computer

8 Ways to Help Protect Your Healthcare Organization from a Cybersecurity Attack

By Emily Arndt on October 30, 2023

It’s cybersecurity awareness month. Is your home healthcare, hospice or assisted living organization ready for today’s cyberattack tactics?

In September 2011, Tricare, a healthcare program for active-duty troops, their dependents and veterans, suffered a major data breach after backup tapes of electronic health records were stolen out of an employee’s car. The information of 5 million patients was compromised, including social security numbers, names, addresses, phone numbers, personal health data, clinical notes, lab tests and prescription information.

In February 2015, Anthem, Inc. suffered a cyberattack that resulted in the biggest healthcare data breach ever reported. 78.8 million plan member records were compromised. A cybersecurity firm confirmed that the breach began when a system user opened a phishing email, after which the download of malware was triggered, allowing the cybercriminals to hack their system remotely.

Cybercrime is scary. According to Cybersecurity Ventures, it’s expected to cost the world $8 trillion in 2023 and $10.5 trillion annually by 2025. Healthcare organizations are especially vulnerable to cyberattacks because of the high-value information they store. That’s why planning and preparation are so critical. To read more about the importance of having a cybersecurity incident response plan for healthcare organizations, visit the HIPAA Journal. Further information about building an Incident Response Plan is included below.

Common types of cyberattacks used on healthcare organizations are:

  • Phishing—the most prevalent type of cyberattack in healthcare, phishing, is when someone clicks on an unsuspecting email that includes malicious links
  • Ransomware attacks—during these attacks, malware is forced into the network to infect and encrypt sensitive data until a ransom is paid
  • Data breaches—the healthcare industry suffers a disproportionate amount of data breaches compared to other industries, during which sensitive electronic data is stolen
  • Distributed-Denial-of-Service (DDoS) attacks—a flood of fake connection requests are directed at a targeted server, forcing it offline

So, what steps can you take to help best prepare your healthcare facility for these types of attacks?

  1. Create a culture of cyber readiness – this requires a multilateral approach, much like the one needed to address physical dangers. According to the Cybersecurity & Infrastructure Security Agency’s (CISA), the six Essential Elements of a Culture of Cyber Readiness for healthcare organizational leaders are:
    • Yourself: You, The Leader, make cybersecurity a major part of your operational resilience strategy. Your investment drives action and activities that build a cybersecurity culture.
    • Your Staff: As the first line of defense, your staff’s skills must continue to grow in practice and training.
    • Your Systems: Protect your critical assets and applications, such as patient and financial information, by building security around them.
    • Your Surroundings: Make sure only those with permission have access to your digital workplace.
    • Your Data: Keep backups and avoid the loss of information that is critical to operations.
    • Your Crisis Response: To try to limit damage and quick restoration of normal operations in the event of an attack, conduct regular drills, making this an extension of your other business contingency plans. Check out the 8 Cyber Security Drills You Should Run in 2022 from CV3.
  2. Train staff and volunteers on cybersecurity awareness, such as instructing them to:
    1. Create strong passwords (or passphrases) and not share them
    2. Recognize and report phishing attempts (this is how 80-95% of all cyberattacks begin) by showing them specific examples
    3. Lock their computer when stepping away
    4. Use multi-factor authentication to log in
    5. Be ready to participate in your cyber incident response plan—an invaluable plan for healthcare facilities, as mentioned above. The US Department of Commerce’s National Institute of Standards and Technology made a step-by-step Computer Security Incident Handling Guide you can easily reference to create an incident response plan. Check it out starting on page seven.
  3. Try to keep your network and systems secure using:
    1. Antivirus software
    2. Firewalls
    3. Other security tools
  4. Conduct a vulnerability assessment to identify the risks to your healthcare organization. You can conduct this assessment yourself. Just reference Intruder’s Step-by-Step Guide.
  5. Develop a holistic cybersecurity plan (check out CISA’s Cybersecurity Resources Road Map, designed for small and midsize organizations, or their Cyber Essential Starter Kit)
  6. Back up data regularly
  7. Have staff update their passwords quarterly
  8. Watch this training on Cybersecurity and Healthcare Facilities from the US Department of Health and Human Services

At Glatfelter, we want to help make sure your patients, staff and administrators are safe from these increasingly sophisticated cyberattacks. An entire section of the Glatfelter Healthcare website is devoted to risk management and cybersecurity. For example, check out our blog called 3 Ways to improve cybersecurity at healthcare organizations in times of crisis.

Finally, with today’s growing cybersecurity threats, it’s important to be insured by a cyber product that is designed to meet the modern threats your healthcare organization faces.

Glatfelter is proud to be introducing a more robust, standalone, non-admitted cyber product, available to new and renewal clients beginning January 1, 2024. Visit the link below for access to applications and more information.

LEARN MORE

You have the knowledge and power to help secure your healthcare agency’s sensitive data. Consider this the start of a new commitment to a culture of cybersecurity awareness.



Emily Arndt

Em, a proud cat mom to Margot and Teddy, enjoys learning guitar, the beach, writing, and working on her sarcasm.

DISCLAIMER

The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.

Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.

This blog post may contain the content of third parties and links to third party websites. Third party content and websites are owned and operated by an independent party over which Glatfelter has no control. Glatfelter makes no representation, warranty, or guarantee as to the accuracy, completeness, timeliness or reliability of any third party content. References to third party services, processes, products, or other information does not constitute or imply any endorsement, sponsorship or recommendation by Glatfelter, unless expressly stated otherwise.

Related posts

How you can help protect your most important asset: your people, and how to help them set up their insurance benefits so that they reflect their wishes.

Continue Reading

It’s crucial to understand the fundamentals of employment practices, why they’re important and ways you use them to help protect your organization and your most important asset, your...

Continue Reading

Submit a Comment