Trends and tips in healthcare cybersecurity

The NIST Cybersecurity Framework and collaboration

When hospitals seek to improve their cybersecurity measures, Kimerle emphasizes the importance of adopting a structured approach. He recommends using the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework as a foundation for developing cybersecurity strategies. This framework provides a comprehensive and standardized approach to managing and reducing cybersecurity risks.

Collaboration within the healthcare industry is another critical trend. Healthcare chief information officers (CIOs) are increasingly looking for a more integrated, end-to-end solution to reduce risk effectively. Rather than relying on piecemeal point solutions, they seek cohesive cybersecurity tools and services that work together seamlessly.

“They are looking for the ecosystem to come together and offer them a more end-to-end solution to fundamentally reduce their risk,” he said. 

Addressing cybersecurity challenges for smaller hospitals

Smaller hospitals with limited IT resources often face unique challenges in cybersecurity. Many are now turning to service solutions from vendors, such as managed detection and response, to access expertise and support without the need for extensive in-house cybersecurity teams. These services provide a more personalized and hands-on approach to cybersecurity for organizations lacking dedicated IT expertise.

Even healthcare facilities with substantial IT staff and in-house cybersecurity experts are urged not to become overly confident. Kimerle highlights the value of bringing in external advisors to examine systems from fresh perspectives. Regular audits and assessments help uncover vulnerabilities and potential risks that internal teams may overlook.

“I think for those organizations that need a more white glove end-to-end concierge approach, we’re seeing cybersecurity companies that can offer that as a service, get access to their expertise, but only what they need. They are looking for trusted advisors or new advisors to come in and look at things that you haven’t looked at. You want to make sure the unknowns become known to you through these advisors,” Kimerle explained.

Healthcare ransomware and rapid recovery

Ransomware attacks continue to be a substantial threat in the healthcare sector. While complete prevention may be elusive, organizations are shifting their focus toward rapid recovery. The ability to restore critical systems and data swiftly is now a top priority. This shift from merely backing up data to ensuring fast recovery from backups is a notable trend in healthcare cybersecurity.

Expanding threat surfaces and adaptive resilience in cybersecurity

While employees opening emails with ransomware attachments is one of the primary ways attackers infiltrate health systems, Kimerle said a growing threat comes from the major increase in the IT surface that can now be attacked because of staff working remotely and the internet of things (IoT). Since COVID, health systems have seen massive growth in the number of employees working from home where their roles allow it. Hospitals have also seen massive growth in their IoT devices: imaging scanners, contrast injectors, patient tracking tags, patient monitors, mobile computing, computerized medication carts, and inventory control systems, all connected to wireless networks, pose a multitude of new cyberattack entry points.

“You’ve got the FDA regulated medical devices that you can’t keep patched because of the FDA requirements. And so clearly healthcare has a fundamentally large surface on which threats can attack. So again, you’re looking at the solutions community for solutions to inventory all the medical devices and create some actionable plans to plug those gaps. And again, that’s where I think it’s not just a single solution. It’s really figuring out how the industry can work together to take care of all the threats,” he said.

Kimerle said “adaptive resilience” is another emerging trend. Healthcare institutions are diversifying their data protection strategies, using tiered resiliency to decrease cyber risk. This includes having multiple copies of data available on the primary array for rapid restoration, making data less vulnerable to cyberattacks.



National Cyber Security