A 7-Step Cybersecurity Plan for Healthcare Organizations
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
Healthcare organizations, on the front line of combating COVID-19, are under enormous pressure to adapt to new technologies amid work-from-home realities and the escalating cyber threat landscape.
That's why as part of National Cybersecurity Awareness Month, the National Cyber Security Alliance (NCSA) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) are focusing on the healthcare industry. In Dark Reading's own discussions with healthcare security experts, most say ransomware and antiquated medical technology are the industry's greatest threats, not distributed denial-of-service (DDoS) attacks as some have feared.
"The hackers are businessmen, and for them time is money," says Torsten George, cybersecurity evangelist at Centrify. "It's much more difficult to make money on a DDoS attack. They would have to do the attack and press for a ransom. Overall, the medical world has done well on the administrative side of technology, but I worry more about the vulnerabilities in antiquated firmware in old medical equipment, such as ventilators and heart pumps.”
Piyush Pandey, CEO of Appsian, adds that medical organizations need to start thinking more like tech companies.
"Today large investment banks such as Goldman Sachs and Morgan Stanley think of themselves as technology companies first. That's what has to happen in the medical field as they adapt new technologies, such as telehealth,” Pandey says. "Medical people have to invest in technology in the same way."
Stopping breaches because of bad password management and keeping data safe during telehealth calls are top priorities for medical organizations. Security teams at these organizations have a lot to unpack. This list can help set priorities and pave the path forward.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024