IT execs must ensure key security practices are constantly observed
Healthcare organizations put a high degree of emphasis on the discipline needed to maintain a sanitary facility, as is expected by themselves, patients and regulators.
Too often, however, there is not a similar level of discipline for ensuring a sanitary infrastructure of the organization’s information systems holding protected heath information, says Brian NeSmith, CEO at Artic Wolf Networks, which continuously monitors infrastructures and identifies data security threats under contract with a provider.
Hackers always look for easy access to poorly protected devices, such as printers which are everywhere in an organization and one of the easiest devices to become a door to ransom or steal data.
The Internet of Things brings more challenges, as the underlying technology of legacy systems often is Windows or Linux-based applications, such as medication administration systems and other medical devices that often are not well maintained.
NeSmith warns that many IOT manufacturers are focused more on the products they build rather than how secure they are.
Another weak spot can be security tools themselves. These applications often produce false positives of an attack, and over time, people get alert fatigue and don’t pay attention to alarms that suggest an incursion has occurred, and that opens the door to new dangers.
However, a combination of machine learning technology and data security talent can go a long way toward improving the security environment. Machine learning uses predictive outcomes software that improves the more it is used.
Organizations with available resources need to go another step further and hire a “security engineer” with advanced training and skills, NeSmith advises. These skills include understanding social engineering to deceive individuals into divulging sensitive data, and training employees into recognizing when they are about to be fooled.
Most importantly, organizations need to develop best practices for decreasing the time it takes to detect a breach. Unfortunately, NeSmith says, “the best practice often starts with a weekly look at logs, which later becomes once a month and then becomes once every six weeks or more.”