7 steps to improve defenses against cyber attacks
FTP servers, supply chain connections and inadequate use of VPNs may put providers’ data at risk
Key guidelines for ensuring data protection is up to date
Cybersecurity experts continue to warn the U.S. healthcare industry about the threat of cyberattacks, including new risks for which providers may not be ready, such as threats from the “Internet of Bodies,” IoT devices placed in patients for medical purposes, according to security vendor NordVPN. The company offers seven suggestions that can help an organization raise its level of threat awareness and security.
1. Don’t use FTP servers operating in an anonymous mode
According to the FBI, criminal actors from abroad are targeting protected health information from medical facilities to intimidate, harass and blackmail providers. The bureau says use of FTP servers operating in anonymous mode is a major security risk, because they can be hacked and provide access to an organization’s information.
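A configuration audit for this guideline, as an added example that is not part of the original article: it assumes the FTP server is vsftpd (the article names no product) and takes the built-in defaults from vsftpd.conf(5), where `anonymous_enable` defaults to YES, so a file that never mentions the option still allows anonymous logins. The sample configurations are constructed.

```python
# Added example: audit vsftpd.conf text for anonymous-FTP exposure.
# Assumption: the server is vsftpd; defaults below are from vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES",  # anonymous login is on unless disabled
    "no_anon_password": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
TRUE = {"YES", "TRUE", "1"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def effective_settings(conf_text):
    """Overlay the file on the built-in defaults; the last assignment wins."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key] = value.upper()
    return settings

def audit(conf_text):
    """Return a list of findings; an empty list means anonymous FTP is off."""
    s = effective_settings(conf_text)
    if s["anonymous_enable"] not in TRUE:
        return []
    findings = ["anonymous login permitted"]
    if s["no_anon_password"] in TRUE:
        findings.append("anonymous login skips the password prompt")
    if s["write_enable"] in TRUE:
        findings += [f"anonymous write access: {k}"
                     for k in ANON_WRITE if s[k] in TRUE]
    return findings

# Constructed sample configurations.
IMPLICIT = "listen=YES\nlocal_enable=YES\n"          # option never mentioned
WEAK = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
HARDENED = "# anonymous FTP disabled\nanonymous_enable=NO\nlocal_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("implicit", IMPLICIT), ("weak", WEAK),
                       ("hardened", HARDENED)):
        print(name, audit(conf) or "no anonymous access")
```

The `IMPLICIT` case is the one to watch for in review: nothing in the file looks wrong, yet the effective setting still permits anonymous login.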
2. Strengthen the organization’s weakest link of defense
Healthcare organizations should choose their suppliers carefully and work with the suppliers to tighten overall security. Cyber criminals are now targeting supply chains and looking for the weakest spot to install malware, which will affect all companies within the supply chain. This vulnerability was used in the NotPetya attack.
3. Use a virtual private network
Providers commonly use an intranet for private internal communications, which include local area networks as well as on-site networks. When employees need to access the intranet while traveling or working remotely, they should use virtual private networks for a secure connection. VPNs create an encrypted tunnel that connects the user’s computer to the intranet or the VPN server. This tunnel shields the connection from public access and protects it if hackers try to breach the system.
4. Back up all data
Organizations should back up their data on external drives and keep them unplugged and stored away. Backing up data regularly is one of the best ways to protect an organization from ransomware because only unique information is valuable to cybercriminals.
5. Back up all systems and configurations
In addition to data backups, healthcare organizations can protect themselves from ransomware attacks by backing up all their systems and configurations.
6. Analyze the effects of a potential ransomware attack and get ready
Healthcare organizations should assess their risks and make a list of the most vulnerable systems. Systems that cannot be down for more than one hour need to be especially protected and to have a clear backup plan.
7. Choose cybersecurity vendors carefully
Many medical organizations are scrambling to hire experienced IT staff after a spate of ransomware attacks shocked the industry. However, it is wise to get consulting help from outside as well, and to hire external experts who can evaluate the vulnerabilities of the entire organization.