
Four Tips to Help Healthcare Companies Reduce Their Risk of Cyber Attacks
The recent global breach hit the United Kingdom's National Health Service especially hard. But outdated systems and a lack of updates made the incident predictable. Some simple steps could have reduced the risk.
By now, news of the “largest ransomware attack in history” has spread far beyond IT and cybersecurity circles. Over the course of a weekend, hackers launched a global ransomware attack that affected more than 300,000 computers, halting day-to-day operations at organizations on 3 continents. Some of the hardest-hit victims were hospitals,
Intelligence and cybersecurity experts have
Unfortunately, this is not the first instance of a cyberattack on healthcare institutions—the NHS had
Earlier this month, I spoke on a panel at the spring meeting of AJMC®’s
It is now more important than ever to recognize that organizations need better, more frequent training for health professionals and more robust company policies to prevent history from repeating itself. Below are some tips to help companies reduce the chance of another WannaCry attack:
1. Make security part of company culture. Hospitals and other healthcare organizations are prime targets for hackers because of the patient information they possess. By adopting company policies and values that keep privacy and security at the core of operations, organizations can help employees take on a more proactive mindset regarding security from day one. Consider using tactics like a mentor program, professional development and town halls to better communicate with employees.
2. Don’t treat it as “check the box.” Going through the motions can leave organizations vulnerable to the fast-evolving nature of cyberattacks. Hackers are constantly coming up with creative tactics to infiltrate and halt systems. Their aggression can only be met by proactive, innovative thinking geared toward staying a step ahead. Organizations should know what legacy systems are on their network and where they may have potential exposures. Separating legacy systems from primary networks can help limit exposure to attacks.
3. Teach people the basics. In many cyberattacks, including this most recent incident, a single user can infect an entire organization’s system by simply opening the wrong email. Make sure that all employees understand how to recognize a suspicious email, corrupted files and other red flags. Equipping teams with basic cybersecurity knowledge and best practices can help eliminate many of the quickest routes for malware to infiltrate systems.
4. Update your systems. The countries and industries most affected by the WannaCry ransomware attack were those that had not updated their operating systems in a timely fashion.
By taking these steps, companies can help defend the health system from another large-scale attack. I encourage all healthcare professionals to research cybersecurity best practices that will undoubtedly help protect your organization or facility.
Follow Dan Konzen on Twitter @dankonzen or LinkedIn