The inability to access medical records, lost productivity as systems are down, and money paid to cybercriminals all have a real impact on the health and wellbeing of patients. One famous healthcare-focused cyberattack, the 2019 ransomware attack on the Grays Harbor Community Hospital and Harbor Medical Group, forced the hospital and the medical group’s clinics to revert to paper medical records and affected backups. Though most records were recovered, it still isn’t clear if some medical records were permanently lost.
A breach can also damage the relationship between the patient and their doctor, as many patients may avoid seeking medical help if they are worried cybercriminals or other unauthorized users may access their private medical information. These emotional consequences can seriously damage the health and wellbeing of patients and make it more difficult for doctors to rebuild patient trust and ensure their patients are getting the care they need.
The Cost to Medical Science
Depending on the nature of the breach, valuable research data and intellectual property may be damaged or lost, which can delay research into life-saving treatments. That sort of research is invaluable, and its loss can have devastating consequences for the health and wellbeing of potentially millions of people.
The Unique Challenges of Healthcare-Focused Cybersecurity
Research has shown that the healthcare industry is a prime target for medical information theft at least in part because it lags behind other industries in securing its vital data. So why does this industry, whose assets are crucial to human health and wellbeing, lag so far behind?
To begin with, so much of what hospitals do relies on the internet, from patient test results and medical records to the various machines and technologies used to provide patient care. While this interconnectedness is excellent for data integration, patient engagement, and clinical support, it also means that ransomware or another attack can spread quickly between vital systems, accessing patient data and other highly sensitive information, hijacking medical equipment to mine cryptocurrencies, or shutting down entire hospitals or hospital networks until a ransom is paid.
Not All Software Can be Patched
One of the unique challenges of healthcare is that there is a wide mix of equipment. While some equipment is cutting edge, many pieces of healthcare technology still in use were made by companies that are no longer in business or run on old software that has gaping security holes that can’t be patched. That means that even if vulnerabilities are known to exist (which isn’t always the case), there may not be a way to fix them.
The obvious answer would be to move away from outdated software and equipment with known vulnerabilities, but that is easier said than done. While a small or even medium-sized business could handle a temporary shutdown to migrate the entire network over, hospitals and other healthcare facilities don’t have that luxury: the entire system needs to be running 24/7/365.
Shutting down older equipment and transferring all of the data stored on the network can also be incredibly costly. The ability to patch and update software both extends the lifespan of current equipment and reduces costs.
Human Error Can Expose Patient Data
On the data privacy side of things, recent research from JAMA found that most breaches in medical settings were triggered by unauthorized disclosures or employee error. When multiple shift doctors, nurses, and specialists need to be able to quickly and easily access sensitive employee data, it increases the odds of one person making a mistake that could leave this data vulnerable.
The Biggest Cybersecurity Threats to be Concerned About in 2020
Ransomware was a huge problem in 2019, particularly for healthcare providers, and it is likely only going to get worse. Unlike some other businesses, healthcare providers aren’t able to pause operations to try and get their files unencrypted to avoid paying the ransom. And while some businesses can carry on even if they are unable to recover a few encrypted files, sometimes even a single unrecoverable file, such as a patient’s electronic file or test results, can have disastrous consequences for the health and wellbeing of patients.
Electronic health records have made it significantly easier for both healthcare professionals and facilities to access patient files, though this system does come with special cybersecurity considerations.
Though there are already privacy laws in place to safeguard sensitive patient data, these laws were mostly written with people in mind, not software. That means that many of these systems remain vulnerable to exploitation by cybercriminals, since the software that many of these systems run on or interface with may have been written in a time before the IoT. Depending on when the software was written, the company may not be around to issue software updates and patches, and even if they are, the software may not be compatible with many necessary cybersecurity updates.
Hopefully, findings like the FDA report mentioned above will encourage the companies that design electronic health record systems to evaluate their software critically so that it can be modified to better safeguard patient data.
How Can Healthcare Organizations Improve their Cybersecurity Posture?
Every organization is different and has slightly different cybersecurity needs. As such, the first thing any organization should do is sit down with their MSSP to identify their cybersecurity needs and create robust yet flexible cybersecurity protocols.
Organizations should also work with their healthcare-focused MSSPs to identify credible threats and create tailored response plans to address those threats. These response plans should be designed to minimize or even eliminate damage to critical systems and help safeguard both vital infrastructure and sensitive data.
To help you get started, please review our blog post Cyber Hygiene 101: Basic Steps to Keep Your Company Secure.
The number of cyberattacks continues to rise every year, and industries that have traditionally been insulated are now more likely to be targeted than they were in the past. As smaller manufacturers aim to stay competitive, many are moving away from analog processes and going digital. While this can be a great way to increase productivity, it can also leave unprepared businesses vulnerable to cyberattacks.
Fortunately, there are a few things businesses can do to help improve their cybersecurity posture. This can include working with experts to evaluate their current defenses, addressing potential vulnerabilities, and investing in employee training.
There are a few steps you can take to improve your current security posture so you can fend off attacks. However, even the best cybersecurity defenses aren’t completely protected from vulnerabilities, so you should also have protocols in place so that all stakeholders (including management and employees) know how to respond if an incident occurs.
Evaluate Your Current Defenses
Before you can improve your current defense systems, you need to know what your current shortcomings are. A full audit can help you catalog your current defenses, but if you really want to figure out where your weak spots are, you may want to consider a pen test.
A pen (penetration) test involves hiring an ethical hacker to stress test your current defenses. They target your current defenses in an effort to break in and take detailed notes about what strategies they tried and how effective they were. Once the test is done, the ethical hacker sits down with you to review their findings and make suggestions.
Address Potential Vulnerabilities
Now that you know where your potential weak spots are, you can take steps to address them. Most small and medium-sized manufacturers don’t have the resources to support full-time in-house cybersecurity teams, which is why more businesses are choosing to outsource their cybersecurity.
By choosing to work with a cybersecurity company, you can enjoy 24/7/365 monitoring and support. Your cybersecurity experts can help you audit your current defenses, address potential vulnerabilities, create robust yet tailored incident response plans, and help with employee training.
Create Robust Incident Response Plans
It’s always good to have a backup plan. When it comes to cybersecurity, you should always have detailed, robust, and flexible incident response plans in place in case of a cybersecurity attack. These plans should cover potential incidents, identify how a potential threat is detected, and make sure every key player understands their role.
Keep Your Software Up to Date
Keeping your software up to date is one of the easiest steps you can take to help safeguard your company’s digital assets. Whenever a software company discovers a bug or vulnerability in their product, they release patches to fix the issue. However, companies can only take advantage of patches if they update their software.
Unpatched software is particularly vulnerable because software companies announce the patches, and the bugs or vulnerabilities they are designed to fix, which means that cybercriminals now know where to focus their hacking efforts.
Keep an Eye Out for Trouble
You can’t adequately protect your digital assets if you don’t know what threats are out there. Managed threat intelligence lets you keep an eye on your entire operation, alerts you to suspicious activities, and confirms threats quickly so they can be addressed.
Invest in Employee Training
Even the most robust and well-crafted cybersecurity plan is useless if it can’t be implemented effectively. Employees need to understand why cybersecurity is critical and what role they play in safeguarding the company’s digital assets. New employees should be provided with cybersecurity training as part of their onboarding process, and all employees can benefit from annual refresher training.
You may also want to consider running tabletop scenarios. Tabletop scenarios are similar to fire drills: They allow your team to practice responding to potential threats in a no-stakes environment. The facilitator poses a scenario, and your employees work together to address the situation and minimize or even avoid disruption and damage. Once the scenario is finished, your team sits down and reviews their findings, identifying gaps in your current protocols or employee knowledge so that they can be addressed.
Cybercriminals are increasingly targeting the manufacturing industry, and smaller manufacturers without robust cybersecurity protocols in place are particularly vulnerable. Investing in good cybersecurity is an investment in your business, and MSSP experts are here to help you every step of the way.
As COVID-19 forces employees to practice social distancing, or even to self-isolate or shelter in place, the ability for employees to work remotely has gone from a luxury to a necessity. However, pivoting quickly to a mostly or fully remote workplace isn’t an easy task, and brings with it unique costs and infrastructure requirements.
The Infrastructure & Costs Required to Effectively Support a Remote Workforce
Your team can only remain productive if they have the tools they need to do their jobs effectively. However, though your employees may be set up for success at the office, you will likely need to make a few infrastructure changes if your company isn’t already set up to support remote work. To help your company transition, and keep your digital assets safe both during and after the shift, you may want to consider consulting with your MSSP (managed security services provider).
If your employees mainly rely on desktops to complete their work, you will either need to permit them to bring those computers home temporarily or provide them with laptops. Laptops are significantly more portable and require less physical space than their desk-bound counterparts. This is particularly beneficial for employees who don’t have home offices and are likely going to find themselves working from their kitchen tables or another mixed-use space.
Secure Connections & VPNs
Having employees work from home means they will likely need to access company resources (such as internal networks or sensitive files) remotely. To help safeguard your company’s digital assets, you may want to consider providing your employees with secure connections or VPNs.
For more information about secure connections and VPNs, as well as tips for safeguarding your digital assets while employees are working remotely, please read our blog post: COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks).
Leveraging the Cloud
The cloud is, by design, great for supporting remote work. It allows multiple users to access documents simultaneously, cutting down on the unnecessary emailing back and forth and helping ensure all users are referencing the most up to date documents. Programs such as Google Drive can support a wide variety of cloud-hosted documents, including word processing documents, spreadsheets, and PowerPoint-style presentations. You can also easily upload existing documents and files and specify whether the people you share documents with have viewing, commenting, or editing privileges.
To learn more about what the cloud is and its benefits, please read our blog post: Cloud Isn’t the “Future”; It’s the Now.
The most efficient teams are the ones that communicate frequently. To help your team stay engaged and connected while everyone is working from home, you are likely going to have to rely on video conferencing apps (such as Google Hangouts, Skype, Microsoft Teams, or Zoom) as well as workplace instant messaging apps (such as Slack).
Video conferencing is great for meetings as well as getting some face-to-face time with your team, while instant messaging apps are better for quick questions and the more casual conversations that used to happen around the water cooler or in the break room.
Video conferencing is also great for morale and staying connected on a more emotional level. Scheduling teamwide “lunch dates” or morning check-ins can be a great way to keep spirits up and maintain team cohesion while also letting your employees know that you care about them and are here to support them.
To help support businesses during the pandemic, many video conferencing companies are offering their products for free or at a reduced cost.
Reliable Home Internet
Employees are going to require reliable, high-speed internet to help them stay connected and access the cloud. While most employees likely have internet connections that are robust enough to support applications such as video conferencing, you should have your managers touch base with their teams to ensure everyone has the tools they need to succeed.
Depending on how much of your current infrastructure needs to change, the costs to pivot quickly may be substantial. If you weren’t planning on investing in your infrastructure to support remote work (and therefore didn’t account for it in your annual budget), the costs of this sudden pivot might be compounded if your organization is currently facing reduced profitability in the short term.
Shifting to Remote Work Can Help Future-Proof Your Business
By investing in your organization now, you can not only support your workers during this pandemic but also help future-proof your business. Though the up-front costs are certainly something to consider, remote work has many proven benefits both for employees and employers. These include increased productivity, improved performance, increased engagement, and higher job satisfaction rates. All of these benefits can, in turn, translate into higher profits in the long term, even if your bottom line is currently taking a beating.
Depending on how much of your workforce you allow to continue to work remotely once the pandemic is over, you may also find that having fewer employees in the office at one time means you can reduce operating costs by taking steps such as moving to a smaller office.
Being able to support remote work effectively also means you can draw from a wider talent pool and attract workers that are either unable or unwilling to relocate for work. Offering a more flexible working arrangement can also help you attract top talent with little to no additional costs once you have made the necessary adjustments to your current infrastructure.
Not all IT professionals can be experts at everything, and that’s okay. If your current IT department is feeling overwhelmed, an experienced MSSP can help.
COVID-19 is changing the way society handles a lot of things, including how we work. As companies rapidly shift to remote workplaces, we can expect there to be a few hiccups along the way. In response to this lack of preparedness, cyber-criminals are increasingly taking advantage of the chaos COVID-19 has caused. Fortunately, there are concrete steps you can take to safeguard your network and digital assets while supporting a remote workforce.
Why Telecommuting, Video Conferencing, & Remote Work Are More Important Than Ever
As companies shut their physical offices and mandate that employees work from home, telecommuting, video conferencing, and remote work are becoming vital tools that businesses need to be able to leverage effectively to stay in business. In some cases, such as for employees who have been told to self-isolate or who live in states such as California and Illinois (which have ordered all residents to shelter in place), working from home is the only option. Video conferencing, in particular, has become the lifeblood of many businesses as suddenly far-flung workforces work to stay connected. From important meetings to social situations (such as having lunch as a group), video conferencing allows businesses to maintain a sense of community and ensure that workers can connect with one another to complete their tasks and achieve their goals.
The Hazards of Remote Work
Bad actors may try to take advantage of the chaos that suddenly pivoting to a remote workforce can bring. When employees work from home, they may be using inadequately protected devices or unsecured internet connections. They may also be more likely to share files over the cloud or send attachments over email.
As the number of emails increases while employees work hard to keep everyone up to date and in the loop, employees may be less likely to catch suspicious emails (such as phishing scams). If they do suspect something is fishy, they may not know how to properly report it now that they can’t just walk over to the IT department.
It doesn’t help that cybercriminals are taking advantage of the COVID-19 pandemic to spread malware, even going so far as to impersonate trusted organizations such as the WHO and the CDC in an attempt to get unsuspecting users to download malicious files or click on dangerous links.
Without robust security protocols in place, your chances of detecting, defending against, and mitigating the damages caused by a cybersecurity attack are very slim. Just as you would mark emergency exits, practice fire drills, and post evacuation plans in prominent locations to safeguard your employees in the event of a fire, you also need to be prepared to confront and deal with cybersecurity attacks quickly and effectively.
You should work with your cybersecurity provider to ensure that your incident response protocols are up to date and review your protocols with your employees. Depending on your organization’s unique cybersecurity needs, you may need to work with your provider to update or adjust your protocols and policies to ensure that they continue to meet your needs as you switch to a remote workforce.
Smart Data Management
As employees work from home, more information is likely to be shared among them using email, instant messaging apps, and the cloud. Smart data management strategies allow you to ensure that private or sensitive company information isn’t able to be shared with unauthorized users, and also helps ensure that employees can access the information they need to complete their work.
Secure connections and VPNs (Virtual Private Networks) can allow your employees to access company files and networks securely.
Secure connections refer to connections that are encrypted using one or more security protocols to ensure that data flowing between two or more nodes is secure. The purpose of secure connections is to prevent unauthorized third parties from accessing sensitive data and prevent this data from being viewed or altered by unknown parties. To safeguard data, secure connections require users to validate their identity.
VPNs, on the other hand, are used to create private networks using public internet connections. VPNs are designed to mask your IP (internet protocol) address, making the user’s online actions virtually untraceable.
Though COVID-19 will, eventually, pass, it will likely leave a lasting mark on the world. By making smart investments in your infrastructure and data security now, you can not only safeguard your employees and your company today but also help future-proof your business.
Threat intelligence refers to the information organizations rely on to better understand cyberattacks that could target, or are actively targeting, that organization. This data is used to craft tailored response plans so that the organization can identify, prepare for, and even avoid potential attacks.
All it takes is one well-timed, targeted attack to potentially cripple an organization, exposing private or sensitive information and potentially damaging or even destroying client or user trust. Threat intelligence provides organizations with the indispensable knowledge they need to build robust defense mechanisms and mitigate the risk a cybersecurity attack could present to both their reputation and their bottom line.
At VirtualArmour, we take a managed approach to SIEM. Unmanaged SIEM (security information and event management) has quite a few limitations, which is why organizations such as VirtualArmour offer managed solutions, which allow individual programs to work together seamlessly. This allows SIEM programs to do more than detect threats and send out alerts: A managed approach gives your team the data you require to make an informed decision about a threat and respond effectively to the continually evolving threat landscape.
A targeted attack requires a targeted defense, so studying potential threats is crucial to proactively defending your organization’s digital assets.
Why is Threat Intelligence Monitoring Important?
Your defenses are only as good as the information they’re built on. Without up to date and accurate threat intelligence, your organization isn’t able to craft robust and tailored defense plans to thwart targeted attacks. If you don’t know what sort of threats to look for, you can’t adequately safeguard your digital assets.
A good cybersecurity posture incorporates both general safeguards and best practices (such as firewalls, anti-malware software, employee cybersecurity training, and safe password guidelines) and playbooks for what to do in the case of a particular type of attack.
Common Cybersecurity Threats That a Managed Threat Intelligence Service Can Detect & Mitigate
Though the cybercrime landscape is continuously shifting and changing, there are still a few common cybersecurity threats that appear to be evergreen. To help protect your organization, make sure you have protocols in place to deal with these common threats and that all of your employees know what to do if they encounter them. In the case of ransomware or credentials that have been compromised via a phishing scam, you should also have safeguards in place to isolate or shut down affected devices or user accounts to help contain the situation.
Ransomware is a type of malware (short for malicious software) that is designed to lock users out of their devices or systems until a ransom is paid. Ransomware can quickly and easily cripple a business or organization by denying employees and other users (such as clients) access to critical files or programs.
Ransomware is usually delivered via a phishing scam or a doxware attack.
For more information, including what steps you can take to help safeguard your organization, please read our blog post Everything You Need to Know About Ransomware.
Phishing scams involve tricking users (including employees or customers) into believing the person on the other end is someone else in order to get the user to hand over sensitive or personal information, click a malicious link, or download a malicious file. Personal or sensitive information can include usernames and passwords, or financial information such as your credit card number or banking details.
For more information, including warning signs to look out for, please read our blog post Don’t Let Phishing Scams Catch You Unaware.
The DNS (domain name system) works like a telephone directory for the internet. Whenever you enter a URL into your web browser, the DNS sends a request to the name server, which then checks its cache for the matching URL. If the URL is there, it sends you to the webpage.
DNS spoofing occurs when a cybercriminal is able to alter the stored URL in the DNS cache, redirecting users to a different, usually malicious website. This would be akin to altering someone’s phone number in the phone book to redirect their calls.
For more information, including what you can do to protect your organization from DNS spoofing attacks, please read our blog post DNS Spoofing: What It Is & How to Protect Yourself.
Cryptojacking refers to the unauthorized use of someone’s computer to mine cryptocurrencies (such as bitcoin). This is usually achieved using malware, which is designed to quietly siphon off some of your device’s computing power and some of your electricity to surreptitiously mine for cryptocurrencies. Most criminals are smart enough to use only a small amount of computing power, so that your device’s performance is minimally affected, in an attempt to avoid suspicion.
For more information, including steps you can take to help safeguard your infrastructure, please read our blog post, Cryptojacking: Because Every Currency Needs to Be Protected.
The Benefits of a Managed Approach
Keeping up with the latest threats and crafting robust yet flexible protocols to help prevent or mitigate damage should an attack occur can be a daunting and time-consuming task. That’s why more organizations are choosing to outsource their cybersecurity, including managed threat intelligence, to experienced MSSPs (Managed Security Services Providers).
Choosing to work with an MSSP has many benefits, including:
Having a Team of Experts At Your Side
Not everyone’s an expert when it comes to cybersecurity, and that’s okay. Managed Security Services Providers are here to answer your questions, help you design and implement cybersecurity protocols, train your staff, stress test your defenses, and help you mitigate or even avoid monetary or reputational damages should an incident occur.
24/7/365 Monitoring For Complete Visibility
Threat intelligence is a 24/7/365 job, so you need an MSSP that offers constant monitoring and gives you a bird’s-eye view of your entire cybersecurity position. That way, when threats or potential threats arise, your team of experts can respond right away, and you can make sure you’re never out of the loop.
Threat intelligence depends on a large variety of data, including log analytics (so that past entries can be reviewed later). However, depending on your industry, those logs may need to be HIPAA, GLBA, or PCI compliant, and you may have to contend with GDPR as well.
Your MSSP can help you ensure that your logs, and the other security strategies you employ, comply with all relevant laws and industry regulations.
Incident Confirmation & Containment
Should a potential incident occur, your team of experts will be there to confirm what exactly is going on and help you contain the situation as quickly as possible. They can also help you mitigate or even avoid financial or reputational damages from a breach or other type of cybersecurity incident.
Technology is continually changing and evolving, creating new and innovative ways to conduct business. While many of us may still think the cloud is some futuristic concept, in reality, it’s already here and has been for a while.
What is the Cloud?
At its core, the cloud is a collection of web-based applications. Instead of purchasing a program, installing it on your computer, and running it locally, the cloud allows you to remotely access programs using the internet. Instead of running on your machine, these programs are run on large, high-tech servers. Chances are you are already using the cloud; you just might not know it yet.
An excellent example is Google Docs. Even just a few years ago, if you wanted to create a text document, you would likely open up Microsoft Word. That meant that if you wanted to start on a document using your desktop at work, then review it at home later, you would have to either save the document to a USB drive and physically bring it home or email it to yourself, make any changes, and then either resave the edited document to your USB drive or re-email it to yourself.
Google Docs works a lot like Microsoft Word, but the documents you create are stored on the cloud, not your local machine. That means that if you start a document on one computer and then switch to another machine, you don’t have to bring your document with you. Instead, you simply log into your Google account from the new machine, access your Google Drive (where your Google Doc is stored), and continue working. This also means that multiple people can view, comment on, and edit the same document in real-time from different locations.
What Are the Benefits of Using the Cloud?
The cloud has many benefits beyond conveniently sharing and editing documents that update in real-time.
No Special Software
Before the cloud, if you wanted to use a program, you would need to purchase and install specialized software to do so. Now, all you need is an internet connection and an account. This makes it easy to work remotely, either from home or while away on business, and ensure that everyone is working with the most up to date version of each document or item.
It also means that you, and your company, can easily access a variety of more specialized programs without the need to physically purchase and install them.
No Data Backups
Since your data is stored remotely on a server, instead of on your computer, you don’t need to worry about backing up your data. The company that runs the servers handles all of that for you, freeing up you, your staff, and your physical resources for other tasks and letting you rest easy knowing that if an incident occurs at your organization, your data is protected.
Purchasing and installing computer programs can be both costly and time-consuming. While some cloud-based programs require monthly fees to access, these are still typically less expensive than purchasing the program outright would be.
Cloud-based programs also require less IT support from your company since you don’t need to pay a professional to install software or network computers to a server, and any problems with the software are handled by the company that provides it, not your IT personnel.
The cloud also allows employees to work remotely more effectively, which can cut down on your infrastructure costs by reducing the amount of office space your organization requires. It also means that you no longer require brand new computers almost every year to support the latest software, since even older models can easily access cloud-based programs.
One of the most important things you can do from a cybersecurity perspective is to ensure all your software is up to date. With cloud-based software, the company that created and maintains the software handles all updates for you, freeing up employees for other tasks.
Using the cloud means that your organization can quickly and easily scale your operations or storage needs up and down depending on your current situation. Any new software or upgrades can be accessed quickly and easily, and may not even require upgrading your account.
Storing your data in the cloud means that if something happens to your office, such as a fire or a power outage, you can more easily resume normal operations. Data on the cloud remains safe and secure, and can easily be accessed remotely if necessary.
Increased Cybersecurity – If You’re Prepared
A type of malware called ransomware (such as the famous WannaCry and Petya ransomware attacks) targets companies by encrypting their data and holding it hostage until the ransom is paid. Unfortunately, too many organizations are forced to cave because they don’t have proper backups of their data, and they can’t continue with normal business operations while their data is inaccessible. Storing your data on the cloud drastically reduces the effectiveness of ransomware attacks targeting your specific organization.
However, though the cloud has many benefits, it also brings with it unique cybersecurity considerations that you should discuss with your Managed Security Services Provider (MSSP). Your MSSP can help you identify potential vulnerabilities and address them effectively to better safeguard your cloud-held digital assets.
The cloud has already changed how we work, streamlining a lot of processes, making it easier to adjust our storage and operations quickly to better suit our needs, and making collaboration easier than ever. Though it has brought with it new cybersecurity concerns, these can be safeguarded against, and their potential impact mitigated, with flexible, robust, and tailored cybersecurity solutions.