FORTIFIED HEALTH SECURITY RELEASES MID-YEAR HORIZON REPORT
Focus on steps healthcare organizations should take to improve their cybersecurity posture to arm themselves against future attacks
Fortified Health Security, a leader in information security, compliance and managed services, focused solely in the healthcare industry, has released a mid-year update to its annual Healthcare Cybersecurity Horizon Report. This extensive report is released at a critical time for healthcare organizations when cybersecurity attacks, like WannaCry and Petya, are on the rise. The report details the urgent state of cybersecurity in healthcare, increased threats, predictions and steps that organizations should take to improve their cybersecurity posture, including the significance of addressing the emerging issue of medical device security.
“2017 continues to pose significant uphill challenges for the healthcare industry when it comes to safeguarding patient data,” said Dan L. Dodson, president of Fortified Health Security. “Threats like WannaCry and Petya can be avoided by following the fundamentals of a strong cybersecurity program. The Horizon Report details what healthcare organizations can do moving forward to better protect themselves from future attacks.”
2017 Mid-Year in Review
The Horizon Report provides a review of predominant cybersecurity issues and breaches faced by healthcare organizations thus far in 2017, including the prominence of ransomware in these attacks. These attacks are happening faster than in 2016 and proving that there is still much work to be done to protect personal health information.
“These breaches are coming at a time when patients are starting to act more like consumers, forcing healthcare organizations to guard their reputations, develop strategies for better patient engagement and provide increased amounts of sensitive data to multiple interconnected devices,” said Dodson. “Recognizing the potential impacts of a breach on your organization before one occurs is important as many health systems only start investing in cybersecurity after they have been negatively impacted by an incident, and at that point, it may be too late for some patients.”
Cybersecurity Task Force Report Findings
The report also details key findings from the Cybersecurity Task Force Report that was released on June 2, 2017. The report states that most healthcare organizations lack sufficient financial resources, struggle with retaining in-house information security expertise, and don’t have the infrastructure to identify and track threats – much less analyze and act based on the information – and are likely running unsupported legacy systems that cannot be supported.
“The task force’s report paints a clear picture of a healthcare industry that has rapidly digitized in the last ten years without significant investment in cybersecurity,” said Dodson. “The balance between providing real-time data to physicians at the point of care in a minimally disruptive manner, coupled with the charge for interoperability, has left the healthcare market more connected and more vulnerable to attacks than ever before.”
Best Prevention = Proactive Measures Around People, Process & Technology
The Horizon Report provides recommendations for the best preventive measures that healthcare organizations can take that focus around people, process and technology. The “people” factor must be addressed and continually measured to increase effectiveness. The report also explains how there must be processes in place around backups, incident reports, breach notifications, and disaster recovery. Technologies such as Security Information and Event Management (SIEM), Data Loss Prevention or Intrusion Prevention Systems (IPS) can be leveraged to identify and even react to a ransomware attack as it is happening.
“The best prevention against WannaCry or any attack are proactive security measures around people, process and technology,” said Dodson. “An in-depth defensive strategy will position organizations with a multi-layered, multi-faceted approach that will reduce your surface exposure exponentially.”