5 Tips for Healthcare Cyber Security

In a previous blog, we discussed the recent epidemic of ransomware attacks on U.S. healthcare organizations and the importance of the industry taking this very serious cyber security threat – and healthcare cyber security in general – seriously. The good news is that although a ransomware attack can bring a healthcare facility to its knees, ransomware attacks can be prevented by taking precautionary measures.

5 Tips for Healthcare Cyber Security

Following are five tips for healthcare organizations to protect themselves against ransomware and other healthcare cyber security attacks.

1. Build a Culture of Healthcare Cyber Security Awareness in Your Organization

Ransomware usually doesn’t make its way onto a network through an automated attack but through simple social engineering techniques, such as employees clicking on phishing emails or inadvertently installing malware. Many facilities simply do not take healthcare cyber security seriously. Unlike many other industries, healthcare was very slow to go digital, and as a result, many healthcare employees look at information technology as more of a hindrance than a benefit. They may also feel that information security is “the IT department’s job,” and that their focus should be solely on treating patients. Employees must be taught that preventing cyber attacks is every bit as important as preventing infections and biohazard exposure incidents, and that cyber security is everyone’s “job,” regardless of their position within the organization.

Among the ways to change your employees’ attitude and instill a culture of healthcare cyber security awareness:

  • Include information security in your organization’s core values, right next to patient care.
  • Provide comprehensive security training at regular intervals. Having new hires watch one “training video” isn’t enough.
  • Ensure that all supervisors model information security best practices and remind employees that everyone is responsible for preventing cyber attacks.

2. Secure Mobile Devices

Due to the advent of electronic health records (EHRs), mobile devices are becoming very popular in healthcare facilities. However, because of their portability, these devices are subject to loss or theft. They are also susceptible to electromagnetic interference, which can corrupt the data stored on them.

Best practices for mobile device use in a healthcare setting include:

  • Ensure that all mobile devices used within the facility are equipped with multi-factor authentication and access controls, including strong passwords that are changed regularly.
  • Avoid storing electronic health information on mobile devices. In cases where data must be stored on them, the data should be encrypted.
  • Mobile devices should be physically tracked. They should not be permitted to leave the facility except under specific circumstances outlined in your organization’s policy.
  • Patients and other visitors to your facility should never be allowed to access your organization’s secure network.

3. Back Up Your Data and Your System

This step may seem obvious, but many organizations (healthcare and otherwise) do not regularly conduct secure backups of their data. In addition to backing up data, organizations should also create a system and configuration backup, known in the IT industry as a “gold image.” Regular backups are essential because, should a facility fall victim to a ransomware attack, it can restore its data and systems instead of paying the ransom.

4. Control Physical Access to Your Data and Network

In addition to securing your digital data and files, make sure you also secure your organization’s physical devices and storage media (such as flash drives, CD’s, and portable hard drives) through such measures as:

  • Limiting physical access to server rooms and all areas where computers are used. Employees and visitors who do not have a compelling need to access the server room shouldn’t be allowed to do so.
  • Restricting the ability to remove devices from secure areas and from the facility in general.
  • Maintaining a visitor log and installing security cameras.

5. Enlist the Services of a Professional Healthcare Cyber Security Firm

In addition to internal security personnel, a culture of security awareness, and a solid security plan, it’s a good idea for facilities to also enlist the services of a professional cyber security firm such as Lazarus Alliance. The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest threats and technologies, and are committed to protecting your healthcare organization from attacks. We offer full-service risk assessment services and Continuum GRC software to protect hospitals and other healthcare organizations from data breaches and ransomware attacks. Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization prevent ransomware attacks and data breaches.

The Cybervisors Are Here Vigorously Addressing Global One Million Cyber Security Job Shortage

A recent report revealed that “More than 209,000 cyber security job postings in the U.S. are unfilled, and postings are up 74% over the past five years.”

Lazarus Alliance Cybervisor’s are the front line for the global business community bridging this critical cyber security job talent shortage.

Cybervisor cyber security job

Steve Morgan, a professional acquaintance who writes about cyber security for Forbes published One Million Cyber security Job Openings In 2016 and revealed some jaw-dropping statistics concerning the growing deficit in hiring qualified cyber security employees. To make matters worse, this chasm is exacerbated by the explosion of corporate breaches impacting and even decimating businesses in financials, education, business, government and especially healthcare.

A recent report revealed that “More than 209,000 cyber security jobs in the U.S. are unfilled, and postings are up 74% over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) 2015 analysis of numbers from the Bureau of Labor Statistics.” It is pretty clear that while there currently is not enough talent to go around; this is only getting exponentially worse.

Another report included “A report from Cisco puts the global figure at one million cyber security job openings. The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million” stated Michael Brown, CEO at Symantec, the world’s largest security software vendor.” This only turns up the anxiety level on companies who are scrambling to avoid being the “breach du jour”.

Compounding matters are that there is a significant increase in regulatory and compliance requirements across all industries. Every compliance framework out there went through major overhauls in 2015. In some cases as is the case for the SSAE 16; doubled in complexity. The situation just got more expensive and complex.

The only clear answers for businesses who want to remain viable in the global cyber threatscape come in the form of increased efficiencies and leveraged resources. Two of the best solutions that have emerged to address these challenges are:

Retain a Cybervisor®:

Retaining the help from dedicated and verifiable cyber security experts costs less than the expense of hiring just one (1) cyber security employee. And yes, that was a plural not singular expert. With professional Cybervisor services companies get the expertise of many seasoned experts who collaborate and stand together to support their clients.

 

 

Automation is Your Friend:

It’s time to work smarter and not harder! By utilizing automated cyber security and GRC tools, we have discovered that employees are so much more efficient and effective. In fact utilizing a tool like ITAM consistently makes the cyber security, GRC assessments and reporting processes a whopping 180% more efficient on average. When time is money, ITAM is like getting three (3) dedicated cyber security employees for less than the cost of one (1).

Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™.

The Citadel Breached – The Cyber Security Act of 2015

Lazarus Alliance unveils the next generation of cyber-crime prevention for organizations with NIST and SEC, NFA compliance requirements in concert with the Cyber Security Act of 2015.

Lazarus Alliance released the next generation antidote to fight cyber crime, compliance failures, corporate fraud and criminal cyber-misconduct with the IT Audit Machine (ITAM).

Lazarus Alliance unveils the next generation of cyber-crime prevention for organizations with NIST and SEC, NFA compliance requirements in concert with the Cyber Security Act of 2015.

Considered to be the best assessment tool for governance, risk and compliance (GRC) in the global business community, this next generation of ITAM ups the ante by managing big data and frameworks with virtually endless possibilities. These new enterprise capabilities coupled with the already powerful analytic and logic features are a technological force to be reckoned with.

Congress & President Obama recently enacted a cybersecurity piece of legislation known as the “Cybersecurity Act of 2015” which is designed to ensure that public companies “provide a basic amount of information about the degree to which a firm is protecting the economic and financial interests of the firm from cyber-attacks” using guidance from the SEC, NFA and the National Institute of Standards and Technology (NIST).

Michael Peters, CEO of Lazarus Alliance said “The IT Audit Machine NIST and SEC, NFA compliance assessment modules are just one of the many innovations from Lazarus Alliance that really sets us apart from other cyberspace Security, governance, risk and compliance firms.”

Gone are the days where audits, assessments and compliance work was overshadowed by endless spreadsheets, version control madness, escalating costs and audit anarchy. The IT Audit Machine puts the power of technology, collaboration and simplicity to work for the entire enterprise and does it in a progressive, proactive way.

Cyber-crime prevention is of paramount concern to organizations of all sizes, all industries and on all parts of the world. Lazarus Alliance put its extensive experience in cybercrime and fraud prevention in the governance, risk and compliance (GRC) spaces to work for the global business community.

“Service providers globally are under increasing attack by cyber criminals. These criminal acts could have been prevented through a proactive cyber security position. Lazarus Alliance is proactive cyber security with our NIST compliance and assessment automation modules.” said Peters.

Lazarus Alliance’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence, in any jurisdiction. Lazarus Alliance specializes in IT security, risk, privacy, governance, cyberspace law and compliance leadership solutions and is fully dedicated to global success in these disciplines.

Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™!

Download the whitepaper!