Recently, both Quest Diagnostics and Laboratory Corporation of America Holdings (LabCorp) announced related data breaches that may affect as many as 20 million customers who used their services between Aug. 1, 2018 and March 30. While details are still being confirmed with the third-party medical billing vendor American Medical Collections Agency (AMCA), the compromised customer data is thought to have included personal, financial and medical patient data such as first and last names, dates of birth, addresses, phone numbers, and credit card or bank account information.
“Healthcare companies have increasingly become a target for hackers and other bad actors given the vast amounts of information that are collected and stored across the medical ecosystem,” says Kelvin Coleman, executive director of the National Cyber Security Alliance. “Businesses and organizations that accumulate data must operate with a deep understanding of the value of that data to cyber criminals and employ a comprehensive approach to cybersecurity, including robust vendor management strategies.” Coleman offers six ways to stay safe.
Identify your digital 'crown jewels'
Crown jewels are the data without which an organization would have difficulty operating, or the information that would be a high-value target for cybercriminals. When assessing the vendor network, the IT team needs to map out not only who the vendors are, but also which of the vendors' own vendors might have access to the organization's data or systems. This includes working with vendors to confirm what data they collect and whether or not they have formal and robust cybersecurity programs in place.
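The mapping exercise described above is, in practice, a graph walk: the organization shares certain datasets with its direct vendors, each vendor passes some of that data on to its own subprocessors, and the question is which parties, at which remove, end up holding crown-jewel data. The script below is an added illustration and is not from the article or the National Cyber Security Alliance. The vendor inventory it walks is constructed and every party name in it is hypothetical; the `has_security_program` flag stands in for whatever attestation (a questionnaire, an audit report) the organization actually collects.

```python
"""Fourth-party exposure mapping for crown-jewel data (added example, constructed data)."""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field


@dataclass
class Party:
    name: str
    has_security_program: bool
    # subprocessor name -> datasets this party passes on to that subprocessor
    passes_on: dict[str, set[str]] = field(default_factory=dict)


# Crown-jewel datasets the organization itself holds (constructed labels).
CROWN_JEWELS = {"patient_demographics", "lab_results", "payment_card_data"}

# Constructed vendor inventory. "org" is the organization; all other parties are hypothetical.
INVENTORY: dict[str, Party] = {
    "org": Party("org", True, {
        "lab_platform": {"patient_demographics", "lab_results", "payment_card_data"},
        "email_marketing": {"patient_demographics"},
    }),
    "lab_platform": Party("lab_platform", True, {
        "collections_agency": {"patient_demographics", "payment_card_data"},
        "cloud_hosting": {"patient_demographics", "lab_results", "payment_card_data"},
    }),
    "collections_agency": Party("collections_agency", False, {
        "print_mail_house": {"patient_demographics"},
    }),
    "print_mail_house": Party("print_mail_house", False),
    "cloud_hosting": Party("cloud_hosting", True),
    "email_marketing": Party("email_marketing", True),
}


def exposure(inventory: dict[str, Party], root: str = "org") -> dict[str, tuple[int, frozenset[str]]]:
    """Return {party: (tier, datasets_reachable)} for every party other than the root.

    tier 1 is a direct vendor, tier 2 that vendor's vendor, and so on. Holdings
    narrow along each hop: a subprocessor can only receive what its parent both
    holds and passes on. Breadth-first search gives each party its shortest tier;
    a party is re-queued if a later path brings it additional datasets, so the
    result is a fixpoint even when the sharing graph contains cycles.
    """
    holdings: dict[str, set[str]] = {root: set(CROWN_JEWELS)}
    tier: dict[str, int] = {root: 0}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        party = inventory.get(current)
        if party is None:
            continue  # unknown party: we cannot see what it passes on
        for child, shared in party.passes_on.items():
            reachable = holdings[current] & shared
            if not reachable:
                continue
            if child not in holdings:
                holdings[child] = set()
                tier[child] = tier[current] + 1
            if not reachable <= holdings[child]:
                holdings[child] |= reachable
                queue.append(child)  # propagate the new holdings downstream
    return {p: (tier[p], frozenset(holdings[p])) for p in holdings if p != root}


def findings(inventory: dict[str, Party], root: str = "org") -> list[tuple[str, int, str]]:
    """Parties that can reach crown-jewel data but are missing from the inventory
    or have no formal security program, as (party, tier, reason)."""
    out = []
    for name, (t, _data) in sorted(exposure(inventory, root).items()):
        party = inventory.get(name)
        if party is None:
            out.append((name, t, "not in inventory"))
        elif not party.has_security_program:
            out.append((name, t, "no formal security program"))
    return out


if __name__ == "__main__":
    for name, (t, data) in sorted(exposure(INVENTORY).items(), key=lambda kv: kv[1][0]):
        print(f"tier {t}: {name:20s} holds {sorted(data)}")
    for name, t, reason in findings(INVENTORY):
        print(f"FLAG tier {t}: {name} ({reason})")
```

Run as-is, the walk reports that a tier-3 print and mail house holds patient demographics through a collections agency that itself lacks a formal security program, which is exactly the kind of downstream exposure the vendor map is meant to surface. Replacing the constructed inventory with the organization's real vendor register turns it into a repeatable check.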
Protect an organization's assets
Ultimately, the goal is to build a culture of cybersecurity in which employees know how to protect themselves and the business, and understand how the cyber risks change as the organization grows or adds new technologies or functions. When creating third-party contracts, include non-negotiable, documented data ownership and management processes: how the organization's data is handled, who owns the data and who has access to it, how long the data is retained, and what happens to the data after a contract is terminated. Only people who need access to data should have it. Organizations should also have a lawyer look over any vendor agreements to ensure they require proper measures to protect data assets and impose appropriate access controls.
Be able to detect incidents
Fire alarms are widely used to alert homeowners and businesses to potential problems. In cybersecurity, the sooner security staff know about an incident, the sooner they can mitigate the impact and get back to normal operations. For vendor contracts, write into the agreements processes that enable the organization to verify compliance with the negotiated terms. Third-party intelligence providers can also offer independent, unbiased input on the status of vendors; if a vendor is hit by a cyberattack, these services report it promptly, while there is still time to act.
Have a plan for responding
Having a recovery plan created before an attack occurs is critical. Develop and practice an incident response plan to contain an attack or incident and maintain business operations in the short term.
Quickly recover normal operations
The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. Like the response step, recovery requires planning. Recovery is not just about fixing the causes and preventing the recurrence of a single incident. It’s about building out the cybersecurity posture across the whole organization (not just the IT person or group), including increasing the focus on planning for future events.
Attend a cybersecurity business event
Businesses and organizations hold events across the country, such as hosting monthly webinars that shed light on how small and medium-sized businesses can protect themselves, their employees and their customers against the most prevalent threats.