by Richard Mackey, Senior Vice President, Information Technology and Joe Messina, Senior Director, Infrastructure, Intalere
In healthcare, cybersecurity is a key component of a provider’s operational infrastructure. Hospitals, clinics, surgery centers, long-term living centers and many others in the healthcare industry have fallen victim in the past to ransomware attacks or data breaches.
Unfortunately, as the world has changed over the past several weeks and months, the COVID crisis has also opened up new opportunities for hackers and other bad actors. We’ve seen criminal activity from shady brokers of purported PPE products. We also see the profit motive drive cyber criminals to adapt their approach to this timely subject and prey on our best intentions. It is imperative that each of us takes the time to educate ourselves and the members of our teams to be vigilant and take action to protect our operations.
We’ve seen examples of phishing emails recently that take a variety of forms. Some claim to have important information on how to prevent the spread of COVID or have other important safety measures. Some purport to have financial information related to government stimulus funds. Sometimes the messages are positioned to be from the Centers for Disease Control (CDC) or the World Health Organization (WHO). In any of these cases, clicking on links or downloading attachments can have unexpected network or security consequences.
Intalere has established a cybersecurity task force comprised of information security leaders from several of our member facilities. Our board has identified common best practices to help members know what, where and how to implement cybersecurity protocols in their organizations. Let’s look at a few areas that should be covered in your cybersecurity program.
The most effective cybersecurity programs start with internal training. Most cyber incidents result from employees inadvertently providing network access to an intruder. Best practice combines internal team awareness and training with technology investments. Cybersecurity is not something that employees should think about once a year when they complete an online training session. It’s important that information security and the risks from malevolent actions of third parties be top of mind for everyone in the organization. This higher level of mind share can be accomplished through a variety of tactics, including:
- Running more frequent training or awareness messages with specific instructions and messages.
- Performing mock phishing attacks throughout the year to help demonstrate and highlight the risk.
- Providing both positive incentives for learned behaviors and consequences for persistent risk factors.
While the base of an effective cybersecurity program is oriented towards employee behavior, technology plays an important role for those times when an intrusion does occur. Staying current with network operating software upgrades and patch releases is important. Encrypting end-user devices and not granting end users administrative rights are simple but important steps all organizations should take.
A common and more advanced technology solution is a Security Information and Event Management (SIEM) platform. Many of these tools are now available as a service and are an important part of an effective cybersecurity program.
In part two of this post, we will focus on Backup and Recovery and Cyber Insurance best practices.
We Can Help
Intalere, the healthcare industry leader in delivering solutions designed for improved financial, operational and clinical health for our partners, can help with any of your cybersecurity, data and information technology needs. Please reach out to us for more information and to see how we can help. Contact Customer Service at 877-711-5600 or email@example.com or your Intalere representative.
Also, make sure to join us for a webinar with partner Connection on Cyber Security in the Age of COVID-19, on Tuesday, June 9, 2020, at 11 a.m. ET.
To join by phone, dial +1 872-704-2343, Conference ID: 834 823 14#.
To join the meeting from your computer, Join Microsoft Teams Meeting.