Can the healthcare industry stay ahead of cybercriminals?


The healthcare industry, like many others, has been the victim of numerous cyber attacks. In fact, healthcare breaches became front-page news in 2015 with a hack of Anthem Blue Cross, which is still the largest healthcare data breach to date. Since then, attacks have highlighted critical vulnerabilities in the healthcare sector’s networks with attacks causing system outages, destroying data, or targeting business operations.

Since facilities switched to digital records due to government mandates and incentives as outlined by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act., healthcare networks have become increasingly complex. While Electronic Health Records (EHR) enable physicians to easily access and share critical medical information and have greatly improved the performance and effectiveness of medical centers, they make the healthcare ecosystem prime targets for hackers. Unfortunately, due to the critical patient data they hold, supplemented with key personal identifiers, medical organizations have become common targets for attacks.

Each year, attacks on the healthcare sector have increased, with 2020 being a particularly bad year. Not only was the industry battling the global pandemic, they were also hit with a barrage of cyberattacks. This combination led to some of the biggest healthcare data breaches seen in recent years. September alone saw 95 data breaches, reported by HIPAA-covered entities and business associates, that exposed 9.7 million records.

Also compounding Healthcare network security vulnerabilities in 2020 was non-essential employees, outside of medical practitioners, first responders, and those treating patients, who transitioned to working from home or to a hybrid on in-office and work from home. Many of these employees still had access to personal health information (PHI), and cybercriminals took advantage of the circumstances to develop new attacks and phishing schemes, many exploiting Covid-19 fears.

What can companies do to protect themselves?

To remain HIPAA and HITECH compliant, hospitals and other medical facilities need to implement solutions to oversee network activity and make changes as necessary. By following the guidelines listed below, the healthcare industry can stay ahead of cybercriminals and keep them from accessing sensitive patient information.

Deploy the right tools to monitor devices and activity

All desktops, laptops, mobile devices, and medical devices connected to the network should be monitored and complete network activity reports maintained. Make sure they have firewalls, such as NG Firewall, and sophisticated anti-virus protection. It is also important to keep all software and protections up-to-date, never skip or put off an update.

Control Access to Protected Health Information

Ensure that only authorized parties are able to handle sensitive patient information and prevent unauthorized access and data exfiltration. In accordance with basic standards for privacy and confidentiality as outlined in HIPAA and HITECH regulations, patient information should be available based on pre-established, role-based privileges, ensuring that different roles within a physician’s practice do not have access to the same information. For example, people working in a hospital’s pharmacy don’t need to see the patient’s history of illness and access should be granted accordingly. Remember to promptly revoke system access for employees who leave the organization.

Isolate the impact of a potential attack

Just as preventing employees from accessing sensitive information that they don’t need access to will ensure privacy and confidentiality, creating separate networks for different purposes can ensure that any attack is isolated regarding the damage that it can do. For example, putting all IoT devices on a separate network away from servers used for day to day data exchanges will ensure that if an IoT device is compromised, those servers will not be affected.

Backup data regularly

It is highly recommended to use a trusted backup and archiving service, one that continuously scans to ensure backups are free of any type of malware, to keep your information and backups safe. Having multiple backups is also recommended as this provides extra insurance in case yesterday’s backup has an issue, you can go back a day further to ensure a clean restore.

Enforce password policies & deploy multi-factor authentication

Passwords are the first line of defense in preventing unauthorized access to any computer. With employees in constant contact with sensitive personal information, keeping passwords secure is paramount. It is important to use strong passwords – combinations of characters, symbols, and numbers that cannot easily be guessed, and change them regularly.

In addition, using MFA, sometimes known as two-factor authentication (2FA), can add an additional layer of defense to any login or credentialed-access portal. This additional authentication asks for either a text message, secondary email, or other form of access confirmation, and most times this cannot be faked by hackers.

Assess risks often & plan for the unexpected

Use a platform that allows you to oversee network activity and make changes as needed, leading to full regulatory compliance. Keep on top of current threats and schemes, and their prevention, and rigorously monitor for unwanted or unauthorized network access attempts.

Also, having a recovery plan in place is imperative so that if a security breach occurs, there is a clear, step-by-step procedure in place. Network administrators must be prepared to quickly access backups and restore functionality, which requires knowledge of what data was backed up, when it was backed up, where the backups are stored, and what is needed to restore them


Train employees

Keeping employees informed about phishing emails, suspicious links, and other overall cyber security policies will go a long way. Continuously train employees to notice suspicious activity and report it before it becomes an out of control cyber attack. As security adversaries find new ways to infiltrate networks, keeping employees trained and up-to-date will only strengthen your network security.

Use VPN for remote workers

VPNs extend the same protections and policies to remote workers that employees receive in the office. Using VPN connectivity creates a shield around incoming and outgoing traffic from remote devices, keeping all communications encrypted and secure.

Ensure vendors are compliant

Some of the largest healthcare security breaches have been through third-party vendors that can affect multiple providers. Set and enforce requirements for vendors to take proper steps to monitor and detect threats, as well as to limit access to their systems.

While cyber attacks have increased across business sectors and sizes, the healthcare industry has a unique set of challenges to meet HIPAA requirements and keep sensitive patient information safe. To properly address these concerns, healthcare IT administrators must implement an array of network monitoring and management tools to block unwanted or unauthorized network access attempts, preventing malware, ransomware and other online threats from breaking into sensitive medical databases.