Info@NationalCyberSecurity

Ascension’s Cybersecurity Incident Puts Healthcare On Alert


Ascension Health’s recent ransomware cyberattack is a stark reminder of the urgent and shared responsibility we all bear in the face of escalating cyber threats. The past five years have witnessed a staggering 256% increase in large breaches involving hacking and a 264% increase in ransomware incidents reported to the Office for Civil Rights (OCR). As healthcare CIOs, we must urgently lead the charge in rethinking our cybersecurity strategies.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued three crucial recommendations to combat ransomware. These recommendations are not mere suggestions but essential, non-negotiable steps to protect our healthcare systems. However, from an operational standpoint, implementing these measures is a complex task that requires careful planning and execution.

Keep Everything Updated

The first and most fundamental CISA recommendation is installing operating system, software, and firmware updates promptly. While this may seem daunting, it is crucial for maintaining the security of your systems. Healthcare organizations must prepare for system breakdowns and downtime during upgrades, recognizing that the growing frequency of updates increases the complexity of this task. There is currently no way to implement updates quickly enough to avoid potential downtime.

Healthcare CIOs should consider employing two teams or hiring external support to focus on system updates and patches for core technologies.

MFA Everything

The second recommendation calls for implementing Multi-Factor Authentication (MFA) across as many healthcare systems as feasible. While MFA significantly enhances security barriers against cyber threats, its implementation is not always convenient and can be time-consuming, especially for clinicians who see patients continuously. Healthcare CIOs should also ensure MFA adoption for users onsite at their organizations. Historically, most healthcare organizations have implemented MFA primarily for external users; however, the current need demands extending these security measures to users onsite as well.

A scenario to avoid involves healthcare executives allowing administrative assistants to manage their email inboxes, often with the executive’s MFA authenticator app installed on the assistant’s device. If an executive’s credentials are compromised and an MFA approval prompt is triggered, there is a good chance the assistant will unknowingly approve the access, thinking it is a legitimate request. Many executives have assistants managing their accounts, which raises security concerns for CIOs.

User Education

The final recommendation focuses on educating users about recognizing and reporting phishing attempts. Training healthcare staff in phishing awareness is crucial, as it equips them to identify and avoid malicious emails that threaten sensitive data. By teaching healthcare employees the latest phishing tactics, organizations actively prevent breaches that exploit human error. Regular refresher training and simulated phishing scenarios keep the healthcare workforce alert and prepared to address emerging cybersecurity threats. Additionally, users typically take less than 60 seconds to fall for phishing emails, emphasizing the need for rapid and practical training.

Cybersecurity breaches directly impact patient safety, as seen in incidents where healthcare organizations had to divert patients because clinicians could not access electronic systems. Errol Weiss, Chief Security Officer at Health-ISAC, agrees, saying: “When hospitals get attacked by ransomware, it becomes an attack on patient care and safety. Hospitals cannot rely on the government for help. They need more investments in cyber security — including technology and the people to run those systems — to better protect the complex IT infrastructure used in today’s modern hospitals.”

To combat this, healthcare CIOs must creatively establish new cybersecurity operating models.
