7 key steps for protecting against cyberattacks
Healthcare organizations must be proactive to minimize and better manage the attack surface. See these 7 steps to get started.
Cyberattacks targeting healthcare facilities are on the rise with no end in sight, threatening patient care, personal data, clinical outcomes and hospital resources.
Ransomware attacks as well as data breaches are prevalent. Adversaries are fine-tuning their techniques and weapons to target valuable information.
Healthcare information technology, which provides critical life-saving functions, can be vulnerable because it consists of connected, networked components – from legacy to modern-day systems – with varying levels of security. Vulnerabilities in software, such as the Apache Log4j2 flaw, and hardware platforms continue to expand attack surfaces.
To minimize risks, the No. 1 goal is to reduce an organization’s attack surface.
The following seven recommendations from the CrowdStrike 2022 Global Threat Report offer ways for healthcare facilities to achieve that goal.
1. Protect all workloads
A healthcare organization is only secure if every asset is protected. That involves securing all critical areas of enterprise risk: endpoints and cloud workloads, identity and data.
Look for solutions that align with the user identity verification and authentication goals of a “zero trust” security framework and have extended detection and response, or XDR, capabilities to correlate data across multiple security layers and workloads.
It’s also crucial to establish strong IT hygiene with an asset inventory and consistent vulnerability management. Remember, it’s impossible to defend systems if you don’t know they exist.
The most common cause of cloud intrusion continues to be human errors, such as omissions introduced during common administrative activities. It’s important to set up new infrastructure with default patterns that make secure operations easy to adopt. This strategy ensures that new accounts are set up in a predictable manner, eliminating common sources of human error.
2. Know your adversary
If security teams know the cyber adversaries who target their industry or their region, they can prepare to better defend against the tools and tactics those adversaries use.
Seek the help of threat intelligence services that gather data on sophisticated threat actors that target the healthcare industry.
3. Be ready when every second counts
Speed is the currency of modern cybersecurity. Stealthy breaches can occur in a matter of hours – with devastating consequences. The average breakout time for an adversary to move laterally from one compromised host to another within a network is one hour and 32 minutes, according to CrowdStrike's cybersecurity research.
Security teams of all sizes must invest in speed and agility for their daily and tactical decision-making by automating prevention, detection, investigation and response workflows with integrated cyber threat intelligence directly observed from the front lines.
4. Adopt a zero trust approach
Most cyberattacks use identity-based attacks to compromise legitimate credentials and use techniques such as lateral movement to quickly evade detection. Because they have easy access to user credentials from dark-web data brokers, most adversaries don’t break in – they log in. They look like normal users – except they may try to do unusual things, such as exfiltrate data or improperly escalate their account access.
Healthcare facilities should implement a zero trust strategy, which includes hyper-accurate threat detection and real-time prevention of identity-based attacks, combining the power of advanced artificial intelligence, behavioral analytics and a flexible policy engine to enforce risk-based conditional access.
5. Monitor the cybercriminal underground
Adversaries congregate to collaborate using various hidden messaging platforms and dark web forums. In addition to monitoring their own environment, security teams must be vigilant and monitor activity within the cybercriminal underground.
Healthcare organizations should use digital risk monitoring tools to detect imminent threats to the brand, identities or data. They also should obtain advance warnings of active threats and use this visibility to prevent data leak incidents and costly ransomware attacks.
6. Invest in elite threat hunting
Some 62 percent of attacks involve non-malware, hands-on keyboard activity. As adversaries advance their tradecraft in this manner – bypassing legacy security solutions – autonomous machine learning alone is not sufficient for stopping persistent attackers. Combining technology with expert threat hunters is mandatory to find and stop the most sophisticated threats.
High-quality managed services can help healthcare organizations close the growing cyber skills gap with the expertise, resources and coverage needed to augment security teams.
7. Build a cybersecurity culture
While technology is critical in the fight to detect and stop cyberattacks, the end user remains a crucial link in stopping breaches. User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques.
For security teams, practice makes perfect. Healthcare organizations must encourage an environment that routinely performs table-top exercises and red/blue teaming to identify gaps and eliminate weaknesses in cybersecurity practices and response.
Cybersecurity is not just a technology issue; it’s an enterprise risk issue that requires coordination across myriad public and private stakeholders. Given the widespread nature of attacks, the healthcare industry must make cybersecurity a priority and make the investments needed to protect patients’ safety and privacy.
DeFord is executive healthcare strategist at CrowdStrike; he's as CIO at Scripps Health in San Diego, Seattle Children’s Hospital and Steward Healthcare. He is also past chair of the College of Healthcare Information Management Executives and served on the board of directors at HIMSS.