Medic Management, Oct 11, 2021

3 Ways to Immediately Protect Your Healthcare Organization Against Cyberattacks

It seems like every time we turn on the news or read an article, there’s a new report of a ransomware attack. It’s one of the greatest challenges for MMG and our clients. The reason is that the healthcare industry is an incredibly attractive target. Patient information is worth a lot of money to attackers. It is valuable because personally identifiable information doesn’t change, as opposed to a single piece of financial information such as a credit card number, which can be quickly replaced. According to the most recent reports, a single healthcare data record is valued at approximately $250 on the black market, compared to $5 for a credit card number. Because PHI is such an attractive target, it is important that healthcare organizations adequately protect their networks. The following security practices are the most effective in immediately reducing cybersecurity risk:

1. MFA (Multi-Factor Authentication) – 70% of attacks can be prevented by implementing MFA. Enable MFA for email accessed through web applications, mobile devices, non-corporate devices, VPN and any other remotely accessed application(s).

Consider an authenticator app over SMS. Using text messages to retrieve login codes is less secure, primarily because it’s easier for a hacker to gain access to text messages than it is to gain physical access to a phone. It could be as easy as knowing the phone number and the last four digits of a Social Security Number. Once they have that, a hacker can redirect the phone number and no longer needs the physical phone in order to receive the MFA codes. The recent T-Mobile breach highlights how attackers can intercept SMS messages.

Note: If MFA is not in place, options for cyber insurance coverage will be limited or nonexistent.

2. Email Protection – Email is the #1 attack vector. Ensure your email system has adequate protection. Using a multi-layered, cloud email security solution will provide your organization with the critical defenses needed to combat today’s threats. At a minimum, in addition to spam protection, the solution should include the following:

  • URL Protection: Scans URLs at the time of click to identify malicious links. It eliminates the risk of an employee mistakenly clicking on a link that could initiate the download of ransomware or other malicious software.
  • Attachment Protection: Hiding malware inside an attachment is a common technique used by attackers. Attachment protection scans attachments for malicious content before they are delivered.
  • Impersonation Protection: Scans the domain and sender to defend against social engineering tactics designed to coerce a user into performing an action. Hackers often send emails impersonating leaders of the organization. Relying on employees to identify these attempts isn’t always effective.
  • Internal Email Protection: Mitigates insider threats by scanning internal-to-internal email as well as outbound mail, not just inbound.
  • User Awareness Training: Educate your end users on how to identify potential threats. UAT is offered with most email protection services but can also be purchased as a stand-alone product.

Note: Each component needs to be properly configured, managed and monitored.

3. Local Administrator Rights – 90% of the vulnerabilities in Windows arise from local admin rights. Removing admin rights prevents unauthorized system changes and minimizes the impact of what malicious threat actors can do once they have a foothold. It’s one of the most cost-effective security changes your organization can make.
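A practical first step toward removing local admin rights is knowing who currently holds them. The script below is an added example, not code from the original article or from MMG: it audits the local Administrators group on a Windows endpoint against an approved list and reports anything extra. It assumes PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and newer); the CONTOSO group names in the allow-list are placeholders.

```powershell
# Added example: audit the local Administrators group against an approved list.
# Assumes Microsoft.PowerShell.LocalAccounts (Get-/Remove-LocalGroupMember) is available.
# Run from an elevated PowerShell session.

$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account; keep disabled/renamed per policy
    "CONTOSO\Domain Admins",             # placeholder: replace with your real domain group
    "CONTOSO\Workstation Admins"         # placeholder: delegated admin group, if any
)

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved = $ApprovedAdmins)

    # Get-LocalGroupMember returns one LocalPrincipal per member (Name, ObjectClass,
    # PrincipalSource, SID). -notcontains is case-insensitive for strings.
    Get-LocalGroupMember -Group "Administrators" |
        Where-Object { $Approved -notcontains $_.Name }
}

$unapproved = Get-UnapprovedLocalAdmins

if (-not $unapproved) {
    Write-Host "OK: no unapproved members in local Administrators on $env:COMPUTERNAME"
} else {
    Write-Warning "Unapproved local administrators found on ${env:COMPUTERNAME}:"
    $unapproved | Format-Table Name, ObjectClass, PrincipalSource, SID -AutoSize

    # Remediation runs as a dry run (-WhatIf) so the script only reports by default.
    # Remove -WhatIf only after the allow-list has been validated for this machine.
    foreach ($member in $unapproved) {
        Remove-LocalGroupMember -Group "Administrators" -Member $member -WhatIf
    }
}
```

Wrap the script in an endpoint-management job or scheduled task to re-check regularly, since local admin membership tends to creep back through software installs and support tickets.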

Hackers are more likely to go after the easy targets than to spend the time and effort on organizations that have sophisticated protections in place. Even if you do nothing else, applying these practices makes it more difficult for them to get in. Practicing good hygiene in other areas, such as retiring deprecated systems, consistently patching vulnerabilities and securing other entry points, will further enhance your security posture and reduce overall risk. The National Cyber Security Alliance (https://staysafeonline.org/) reports that 60% of small and mid-sized businesses go out of business within 6 months of an attack. Reduce your risk by taking action now.