4 Practical Strategies Healthcare Leaders Can Implement Now to Repel Cyber Attacks

The healthcare industry is an increasingly appealing target for cybercriminals from around the world. The reason is simple: The healthcare value chain encompasses a large, complex network of connected entities that warehouse exactly the kind of high-value, confidential data that thieves want. This includes electronic health records, social security numbers, credit card numbers and banking information.

Cyberattacks disproportionately affect healthcare organizations. In 2023, the average data breach cost to a healthcare company was $10.93 million, an 8% increase from the previous year, according to IBM’s Cost of a Data Breach Report. By comparison, compromises at financial companies (which ranked second in terms of cost per breach) totaled $5.9 million. Healthcare data breach costs have skyrocketed 53% since 2020, and the industry has ranked No. 1 in cost-per-breach for 13 consecutive years.

The cost extends beyond dollars. Each compromise damages a healthcare organization’s reputation with its customers, supply chain partners and other stakeholders, and most breaches must be publicly disclosed. The Federal Trade Commission’s Health Breach Notification Rule mandates that “vendors of personal health records and related entities notify customers” and that “if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers.”

Cybersecurity professionals can empathize with healthcare organizations that have suffered a data breach — and the resulting reputational damage — because even with robust protections in place, determined and skilled cybercriminals can potentially penetrate an organization’s data fortress.

Healthcare organizations must, however, constantly review and improve their cybersecurity strategies to stay ahead of hackers and minimize the risk of a data breach.

Here are four places to start:

1. Prepare and update disaster recovery plans and incident response playbooks

It is not a matter of if, but when, a cybersecurity incident will occur. Organizations must, therefore, have detailed, written contingency plans, such as up-to-date disaster recovery and incident response plans, so your team is well prepared and understands who does what and when.

An organization’s backup strategy, including immutable (read-only) backups, stored offsite, is fundamental to disaster recovery and, for example, is essential for minimizing the effects of a ransomware attack. Data center resiliency is also an essential component for meeting your recovery point objective and recovery time objective.

Although ransomware is not cybercriminals’ most common attack method, Verizon’s 2023 Data Breach Investigations Report estimates that it accounts for almost 1 in 4 (24%) incidents. Ransomware attacks have also recently made headlines, specifically in the healthcare industry.

2. Protect unauthorized access to user accounts

Stringent controls to protect unauthorized user account access are crucial for minimizing the risk of a data breach. According to Verizon, stolen credentials are cybercriminals’ most common attack method, with just over 50% of 2023 hacks involving the use of stolen credentials to gain access to applications and data.

Organizations should use rigorous identity and access management technology to bolster cybersecurity defenses, including multifactor authentication, role-based access controls and passwordless authentication methods such as biometrics, tokens/certificates or FIDO2 (Fast IDentity Online 2). Organizations should also regularly review and monitor user accounts and activity to identify suspicious activities and always follow the principle of least privilege.

3. Bolster phishing defenses

Phishing is cybercriminals’ second most-used attack method, representing 36% of breaches in 2023, according to Verizon. Phishing technology has become so sophisticated that it can take months before an organization discovers that an employee’s email account has been hacked and intruders have gained access to the company’s confidential information.

Organizations must protect network access by using the latest email filtering and phishing detection technology. It is also imperative that employees receive regular training in phishing simulations and incident response procedures.

4. Minimize device vulnerabilities

The third most frequent way that criminals breach cybersecurity defenses is by exploiting vulnerabilities in software or applications on devices connected to an organization’s network. Devices include desktops, laptops, tablets, smartphones, servers and all other hardware that allows users to connect to an organization’s network.

Organizations can mitigate this type of breach by ensuring that each connected device uses the latest operating system and is protected by up-to-date security software. Just as important, the security software and OS must be updated as soon as possible when new versions or patches are released. Each device should also use up-to-date identity protection and user access control technology.

In addition to protecting devices, organizations should reduce vulnerabilities in software connectors. Security protocols for Application Programming Interfaces (APIs), for example, are commonly neglected, with organizations misconfiguring the authentication and authorization mechanisms within the API.

The digital transformation that is reshaping the healthcare industry has opened the door for cybercriminals – including adversarial nation states, organized crime groups and terrorists – and they are using cutting-edge technology to exploit the weakest security links. Prioritizing cybersecurity will help protect your organization, its reputation and, perhaps most importantly, your stakeholders’ data.

Robert Vitelli is director of cybersecurity advisory services at AArete, a global management and technology consulting firm.