With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
Healthcare organizations, on the front line of combating COVID-19, are under enormous pressure to adapt to new technologies amid work-from-home realities and the escalating cyber threat landscape.
That’s why as part of National Cybersecurity Awareness Month, the National Cyber Security Alliance (NCSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are focusing on the healthcare industry. In Dark Reading’s own discussions with healthcare security experts, most say ransomware and antiquated medical technology are the industry’s greatest threats, not distributed denial-of-service (DDoS) attacks as some have feared.
“The hackers are businessmen, and for them time is money,” says Torsten George, cybersecurity evangelist at Centrify. “It’s much more difficult to make money on a DDoS attack. They would have to do the attack and press for a ransom. Overall, the medical world has done well on the administrative side of technology, but I worry more about the vulnerabilities in antiquated firmware in old medical equipment, such as ventilators and heart pumps.”
Piyush Pandey, CEO of Appsian, adds that medical organizations need to start thinking more like tech companies.
“Today large investment banks such as Goldman Sachs and Morgan Stanley think of themselves as technology companies first. That’s what has to happen in the medical field as they adapt new technologies, such as telehealth,” Pandey says. “Medical people have to invest in technology in the same way.”
Stopping breaches because of bad password management and keeping data safe during telehealth calls are top priorities for medical organizations. Security teams at these organizations have a lot to unpack. This list can help set priorities and pave the path forward.
Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio