The COVID-19 pandemic revealed flaws in the American healthcare system that were always there. The only difference now is that those flaws have been brought to light. In the wake of the pandemic, a new host of cyberattacks occurred within the healthcare sector. Malicious hackers aimed to take advantage of the crisis with a combination of misinformation campaigns and ransomware. In addition to people’s personal information becoming compromised, it’s also taking a financial toll on our institutions. In June of 2020, the University of California–San Francisco had to pay a ransom of over $1 million to recover data from its medical school that was stolen by cybercriminals. Since the pandemic started, there has been a substantial increase in the amount of personal information that has been put up for sale on the dark web. Cybercriminals have also been sowing seeds of fear through misinformation campaigns and spreading conspiracy theories so that people don’t know what information to trust. It’s been a difficult time for healthcare institutions, but fortunately, there are cloud mitigation techniques available to protect data and prevent the spread of false information.
Establish a patch update and management process for firewall configurations and VPNs
No piece of technology will ever be perfect. But as time goes on, organizations will implement various patches to ensure everything—from your smartphone to your video game console—works as it should. One of the best ways to prevent ransomware from getting into your system is to install patches with regular frequency. Even if you think your company is safe because you use a VPN, you better think again. To understand the patch management process, there are three main steps to be aware of. First, you need to always do your due diligence before installing a new patch. Some patches cause more harm than good, so make sure you know precisely how it will interact with your company’s current processes. Next, you need to watch out for patch fatigue, which involves regular patch testing to ensure that patches continue working for your organization in the future. Finally, you should consider automating your patch process. While allowing devices to patch themselves can save you some hassle, you should be watching out for potential “fixes” that you need more information about before implementing them in your business. While patches are great, you need to make sure your base system works optimally. Storing your data in the cloud is ultimately one of the best defenses against ransomware and phishing. Specifically, many cloud storage providers place a special emphasis on security, offering security defenses such as SAS 70 Type II Compliance, 256-bit AES encryption and 4096-bit encryption.
Utilizing edge-to-cloud security to enhance cloud resiliency
The cloud presents a unique set of security challenges for businesses. Vital information is no longer kept in a data center that can only be accessed from inside the building. It’s now in the cloud where someone from a different country could theoretically find it. One way to make the cloud work in your favor is to incorporate edge-to-cloud security. Edge computing entails computing that’s done near or at the source of the actual data. The cloud at one of a dozen data centers no longer does the majority of the work. Basically, instead of your data going to the cloud, the cloud goes to you. Antonio Neri, the CEO of Hewlett Packard Enterprise, spoke to this emerging technology by stating, “The focus is to build an edge-to-cloud platform that connects, protects, analyzes, and acts on all your data and brings agility to your apps to unlock your enterprise’s full potential. This is possible when you build on open source cloud-native technologies optimized for a highly distributed infrastructure model based on proven trust and identity.” Numerous businesses today rely on the cloud to back up their data. It's a major asset thanks to its cost efficiency and massive scale. With edge computing brought into the mix, it’s an ideal combination for offering greater bandwidth and security for your healthcare enterprise.
Leveraging various authentication schemes and file-access protocols
Many consumers resign themselves to a life where none of their information is ever secure. Considering the vast quantities of data that even basic apps take from you, it’s no wonder why so many people believe privacy is dead. But it doesn’t have to be. Companies have the ability to leverage different authentication schemes and file-access protocols to use for both edge and cloud components. This minimizes the entity’s exposure to a ransomware attack. In addition to these implementations, it’s also vital for healthcare employers to understand that not everything needs to be synchronized. Depending on the size of your business, you may have multiple locations, but patients are likely to only go to a single building. However, if everything is synced together, then there is a risk that a hack at one of your locations can put every single one of your patients at risk. It’s this kind of oversight that results in nearly half of all American adults falling victim to a data breach from 2015 to 2018. You need to make a conscious effort to know which files to share and to which locations they need to be synced. While every business can learn something from this, it’s particularly important for those in the healthcare industry. Patients have a right to privacy, and medical information falling into the wrong hands can put organizations at greater risk than a restaurant or clothing store falling victim to a hack. Patient data should be stored on a “need to know” basis. If a doctor at another location doesn’t need access to that data, then it doesn’t need to be synced with that branch. Edge-to-cloud security is just the beginning of what healthcare organizations can do to increase protection protocols, but it’s also exactly that: just the beginning. With online privacy becoming a major topic in recent years, consumers are starting to worry more about how their devices function when connected to the internet. Additional measures such as covering up your webcam to block footage from your camera is a major asset that aims to the one goal of making sure that your private information remains private from the government and cybercriminals alike.
Keeping patients safe and secure
The era of COVID-19 has made patients’ private information even more vulnerable. As some organizations create temporary hospitals, data may not always be handled with the best of care with everything being so hectic right now. But you can’t allow a single vulnerability to get past you. While no security protocol is perfect, there’s likely a lot you can do now to make sure cybercriminals stay out of your healthcare system.
About the Author: Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security with an emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
