Cyber criminals have increased their activity as they look to capitalise on the Covid-19 pandemic. Our latest blog looks at eight ways healthcare organisations and suppliers can improve their cyber security.
Protecting healthcare data is a big challenge for both providers and suppliers within the sector. According to the ICO’s latest annual report, the health sector generated nearly 20% of all personal data breach complaints.
8 Ways to Protect Your Patient Data from Cyber Security Breaches
1. Train and educate staff
2. Perform security assessments
3. Keep software updated
4. Seek advice from security experts
5. Create regular backups
6. Keep collaboration and productivity tools secure
7. Have a response and recovery plan
8. Review your approach to data storage and retrieval
Of course, not every data breach is down to a cyber attack, but it forms part of the equation. With the sheer amount of confidential patient data being stored and shared, a number of public facilities and a long chain of medical partners, the healthcare sector is an attractive target for cyber criminals.
This risk is now amplified due to Covid-19, with hackers targeting healthcare organisations and suppliers in the hope of gathering related information, such as Covid-19 data and vaccine research.
Since the 2017 WannaCry attack, which cost the NHS £92m, substantial investment has been made to upgrade systems and cyber security resources.
However, limited budgets continue to hamper the sector’s ability to adapt to technological challenges and prioritise cyber security. With cyber criminals taking advantage of this, it’s important that healthcare organisations make cyber security and protecting their data a main priority.
Here are eight ways to enhance your cyber resilience, maintain compliance and keep your patients’ confidential information secure.
1. Train and educate staff
Recent cases such as the Twitter hack have shown that even the most tech-savvy companies can suffer data breaches through social engineering attacks on internal staff. Besides clicking on phishing links, other issues include failing to safeguard passwords and misusing data access.
The huge risk human error presents to breaches in the healthcare sector means keeping staff trained and informed on cyber security should be one of your top priorities.
Simulated phishing campaigns are a great way to assess your employees’ understanding and awareness of phishing. By sending out fake phishing emails, you can gauge how vulnerable they are to such emails. Once gaps in knowledge are identified, you can then work with your teams to provide further guidance to those who need it.
2. Perform security assessments
As a healthcare provider, you are aware of the high data security risk your industry faces. But what about your specific organisation? Assessing your security posture will make it much easier to protect yourself against cyber attacks.
Regular penetration testing, for example, will help with this. By ethically hacking your systems and applications, penetration testing exposes the vulnerabilities within your network that hackers could exploit.
Once you are aware of the security issues you are exposed to, you can then work to rectify them and reduce the risk of cyber criminals entering your systems.
3. Keep software updated
Installing system updates as soon as they come out is critical because they typically include security patches for the software. Your devices are much more vulnerable to attack if your software is outdated, so ensure you have a plan for monitoring and updating network devices regularly.
For employees who are working remotely, it’s also important to regularly check that they are installing software updates on their company-issued devices.
Besides system updates, check that security software such as your anti-malware solution is up to date, to protect against the latest cyber threats. If you want peace of mind that this will not drop down the priority list, you could opt for an endpoint management service.
4. Seek advice from security experts
Where you don’t have the expertise in-house or you want to take the pressure off your internal IT teams, consult with an IT services provider with experience providing security services to the healthcare sector. An expert provider can help you with many of the above, from phishing campaigns to endpoint protection.
5. Create regular backups
Data loss can be devastating for all organisations, not least healthcare providers with the vast amount of confidential patient data they hold. Backing up your data daily or weekly saves you from complete data loss caused by malware, system crashes and human error. Encrypting sensitive data is also recommended for added security.
While backups won’t necessarily protect you from a data breach, they prevent complete data loss and provide peace of mind that you can easily and quickly restore your lost files if the worst were to happen.
6. Keep collaboration and productivity tools secure
With staff working at different sites and remote working now more typical, tools like the Office 365 suite are ideal for keeping staff productive and connected. But they come with security risks.
For instance, did you know that each time you create a team in Microsoft Teams, a SharePoint site is automatically created? Combine this with Teams’ guest access feature – which gives invited third parties full access to team channels, chats, shared files and meetings – and there is an increased risk of data breaches.
Introducing this added risk to your network means taking precautionary measures is key, such as:
- Requiring multi-factor authentication.
- Setting up secure guest access.
- Auditing user activity and external sharing.
- Classifying sensitive data and using Microsoft AIP (Azure Information Protection).
- Preventing file download to unmanaged devices.
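The auditing step above is easy to state but rarely illustrated. The following is an added example, not code from the original post: a small Python script that reviews an export of Microsoft 365 audit records and flags the events a healthcare team would want to see first, namely anonymous sharing links, sharing invitations sent to guests, and file downloads by guest accounts, with higher severity when the file sits under a site the organisation has classified as holding patient data. The record shape approximates the unified audit log (field names such as Operation, UserId and ObjectId, and the guest marker #EXT# in user principal names), and the sample rows, the site list and the severity scheme are all constructed assumptions for this example.

```python
"""Flag external sharing and guest downloads in Microsoft 365 audit records.

Added example, not from the original post. The record shape below
approximates Microsoft 365 unified audit log entries; the field names,
the sample rows, the sensitive-site list and the severity levels are
constructed assumptions for illustration.
"""
import json
from collections import Counter

# Constructed sample export: one JSON record per line (newline-delimited JSON).
SAMPLE_AUDIT_LOG = """
{"CreationTime": "2021-03-01T09:12:00", "Operation": "AnonymousLinkCreated", "UserId": "nurse.jones@example-trust.nhs.uk", "ObjectId": "https://example-trust.sharepoint.com/sites/Ward7/Shared Documents/discharge-list.xlsx"}
{"CreationTime": "2021-03-01T09:15:00", "Operation": "FileDownloaded", "UserId": "supplier_vendor.com#EXT#@exampletrust.onmicrosoft.com", "ObjectId": "https://example-trust.sharepoint.com/sites/Ward7/Shared Documents/discharge-list.xlsx"}
{"CreationTime": "2021-03-01T10:02:00", "Operation": "FileAccessed", "UserId": "dr.patel@example-trust.nhs.uk", "ObjectId": "https://example-trust.sharepoint.com/sites/Ward7/Shared Documents/rota.xlsx"}
{"CreationTime": "2021-03-01T11:30:00", "Operation": "SharingInvitationCreated", "UserId": "admin@example-trust.nhs.uk", "ObjectId": "https://example-trust.sharepoint.com/sites/Procurement/Shared Documents/tender.docx", "TargetUserOrGroupName": "supplier@vendor.com", "TargetUserOrGroupType": "Guest"}
{"CreationTime": "2021-03-01T12:00:00", "Operation": "FileDownloaded", "UserId": "dr.patel@example-trust.nhs.uk", "ObjectId": "https://example-trust.sharepoint.com/sites/Procurement/Shared Documents/tender.docx"}
"""

# Constructed: site paths the organisation has classified as holding patient data.
SENSITIVE_SITES = ("/sites/ward7",)


def parse_audit_log(text):
    """Parse a newline-delimited JSON export into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_guest(user_id):
    """Guest (B2B) accounts carry '#EXT#' in their user principal name."""
    return "#ext#" in user_id.lower()


def is_sensitive(object_id):
    """True when the object lives under a site classified as sensitive."""
    path = object_id.lower()
    return any(site in path for site in SENSITIVE_SITES)


def _finding(rec, severity, reason):
    return {
        "severity": severity,
        "reason": reason,
        "user": rec.get("UserId", ""),
        "object": rec.get("ObjectId", ""),
        "time": rec.get("CreationTime", ""),
    }


def review(records):
    """Return findings (severity, reason, who, what, when) in log order."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        user = rec.get("UserId", "")
        sensitive = is_sensitive(rec.get("ObjectId", ""))
        if op == "AnonymousLinkCreated":
            # Anyone holding the link can open the file: no sign-in required.
            findings.append(_finding(rec, "high" if sensitive else "medium",
                                     "anonymous (anyone) link created"))
        elif op == "SharingInvitationCreated":
            # A named person outside the tenant was invited to the file.
            target = rec.get("TargetUserOrGroupName", "unknown")
            findings.append(_finding(rec, "high" if sensitive else "medium",
                                     f"shared externally with {target}"))
        if is_guest(user) and op == "FileDownloaded":
            # A guest pulled a copy of the file outside the tenant's control.
            findings.append(_finding(rec, "high" if sensitive else "low",
                                     "guest account downloaded a file"))
    return findings


def summarise(findings):
    """Count findings per severity level, e.g. {'high': 2, 'medium': 1}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    found = review(parse_audit_log(SAMPLE_AUDIT_LOG))
    for f in found:
        print(f"[{f['severity'].upper()}] {f['time']} {f['user']}: "
              f"{f['reason']} -> {f['object']}")
    print("summary:", summarise(found))
```

Run against the constructed sample, the script raises two high-severity findings for the Ward7 site (an anonymous link, then a guest download of the same file) and one medium finding for the guest invitation on the Procurement site; the internal staff access and download produce nothing. The sensitive-site list is the hook for the classification step in the list above: once data is labelled, the same review can prioritise by label rather than by site path.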
7. Have a response and recovery plan
Unfortunately, even the best-laid plans cannot guarantee complete protection as cyber attacks continue to grow in sophistication. So, it’s always a good idea to prepare for the worst.
How you respond to a data breach can make a big difference in how your organisation is affected. Having a robust response and recovery plan in place means you will be as prepared as possible should a breach occur.
The plan should clearly outline what individuals’ responsibilities are and what steps they must take if you are breached. Ongoing training and thorough instructions of the plan will ensure that everyone is prepared in the event of a breach and can react accordingly.
Be sure to regularly review your healthcare cyber security procedures and keep up to date with attackers’ latest tactics, techniques and procedures, so that your defences and response protocols stay current.
8. Review your approach to data storage and retrieval
Healthcare data is growing fast, with the increase in electronic health records, high-resolution images, health data from wearable devices, etc. All of this data must be stored in ways that make it accessible, yet fully secure and in compliance with regulations.
Review your approach to storage, and you may find that your legacy solutions just don’t have the security protections required today. Not only do you risk hackers getting to your sensitive information and data breaches, but it’s also likely you’re dealing with unnecessary cost and complexity.
Explore more effective ways of healthcare data management. Our whitepaper, Managing Healthcare Data in an Era of Explosive Growth: A Guide to Storage Options, is a great place to start.