A group known as Black Basta recently attacked Ascension Healthcare Network systems with ransomware. The attack forced Ascension to divert patients, reschedule appointments, and even revert to manual systems – which can be a tall order for a nonprofit network with over 140 hospitals in 19 states and Washington, D.C., and a workforce of over 177,000 employees.
According to sources close to Ascension, the healthcare network was prepared for such disruptions, but several hospitals still reported interruptions “significantly interrupting healthcare service delivery.”
So, what does this mean for your healthcare company? Whether it's disrupted phone systems and medication dispensing or leaked patient data, your healthcare organization is a major target. And because of the noble work you do in treating the sick and maintaining high standards of patient care, you can't afford to keep your systems down, which is exactly the leverage ransomware groups count on when they demand payment.
The good news – there are ways to protect your company long before you detect any alerts. Here, you’ll uncover the 5 best ways to protect your healthcare company from cyberattacks so you can focus on what matters – treating your patients and changing lives.
5 Best Practices to Secure Your Company
1. Implement Strong Password Policies
Require passwords that are long rather than merely "complex." Length matters more than a mandated mix of upper- and lower-case letters, numbers, and special characters: a 15-character passphrase of unrelated words is both stronger and easier to remember than P@ssw0rd1, and current NIST guidance (SP 800-63B) recommends screening new passwords against lists of known-breached passwords instead of enforcing composition rules. A password manager like LastPass can generate and store a unique password for every account. No more plastering your kids' birthdays or pets' names across the web or leaving sticky notes on your desk.
What You Can Do
Drop the calendar-driven 60- to 90-day password rotation unless a regulator or contract requires it. NIST SP 800-63B advises changing a password when there is evidence of compromise, not on a schedule, because forced rotation pushes people toward predictable variations (Spring2024! becomes Summer2024!). Spend that effort on multi-factor authentication (MFA) for every account, starting with email, VPN and remote access, and EHR logins. A code texted to a phone is the weakest form. An authenticator app like Microsoft Authenticator that generates a time-based one-time code is better, and phishing-resistant methods (FIDO2 security keys or passkeys) are best: a one-time code can still be relayed through a real-time phishing page, while a security key refuses to sign for the wrong site.
2. Regularly Update Software and Systems
Outdated software can have vulnerabilities that cybercriminals exploit. Regular updates and patches fix these security gaps. Not to mention that frequently updating your software can prevent slow speeds and unnecessary work stoppages for a more productive (and less stressful) workday.
What You Can Do
Set up automatic updates for operating systems and applications, and make someone responsible for confirming that the updates actually install; an auto-update that has silently stalled for months is a common audit finding. Keep an inventory of medical devices and other equipment that connect to the network and track them separately: many run vendor-validated firmware that only the manufacturer can patch, so put those devices on their own network segment with only the connections they need until a patch is available. If you have questions or you're not sure what software is best for your organization, consider partnering with an MSP like JMARK, where we'll take care of all your tech needs so you can focus on delivering the best patient care possible.
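An added example (not code from the original article or from JMARK) of the "someone monitors it" part: a small patch-compliance report that compares each asset against an approved baseline version and flags anything not patched within 30 days, distinguishing stalled auto-updates from devices that need a vendor visit. The product names, baselines and inventory are constructed for the demo.

```python
import re
from dataclasses import dataclass
from datetime import date


@dataclass
class Asset:
    name: str
    product: str
    version: str
    last_patched: date
    auto_update: bool   # False for devices the vendor patches by hand


# Constructed baselines for hypothetical products: the lowest version the
# organisation has approved, updated as vendors release fixes.
BASELINE = {
    "ehr-client": "4.12.1",
    "infusion-fw": "2.3.0",
    "workstation-os": "10.0.19045",
}

AUDIT_DATE = date(2024, 6, 1)   # constructed "today" for the demo


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '4.12.1' into (4, 12, 1) so 4.12 sorts after 4.9; comparing the
    strings directly would rank '4.12.1' below '4.9.3' and miss the gap."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def patch_findings(assets: list[Asset], today: date, max_lag_days: int = 30) -> list[str]:
    """Report assets below baseline or not patched within max_lag_days.
    The lag check catches the silent failure mode of automatic updates."""
    findings = []
    for asset in assets:
        baseline = BASELINE.get(asset.product)
        if baseline is None:
            findings.append(f"{asset.name}: no approved baseline for {asset.product}")
        elif parse_version(asset.version) < parse_version(baseline):
            findings.append(
                f"{asset.name}: {asset.product} {asset.version} is below baseline {baseline}"
            )
        lag = (today - asset.last_patched).days
        if lag > max_lag_days:
            cause = ("auto-update appears to have stalled" if asset.auto_update
                     else "manual vendor patch overdue")
            findings.append(f"{asset.name}: last patched {lag} days ago, {cause}")
    return findings


def demo_assets() -> list[Asset]:
    """Constructed inventory: one healthy workstation, one with stalled updates,
    one infusion pump that only the vendor can patch."""
    return [
        Asset("ws-icu-01", "workstation-os", "10.0.19045", date(2024, 5, 20), True),
        Asset("ws-er-07", "ehr-client", "4.9.3", date(2024, 3, 1), True),
        Asset("pump-3f-12", "infusion-fw", "2.3.0", date(2023, 12, 15), False),
    ]


if __name__ == "__main__":
    for line in patch_findings(demo_assets(), AUDIT_DATE):
        print(line)
```

The version parser is the part people get wrong: a plain string comparison says "4.12.1" is older than "4.9.3", so a compliance script built on string sorting will happily report an outdated client as current.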
3. Conduct Employee Training and Awareness Programs
Employees are often the first line of defense against cyber threats. Training them can prevent breaches and phishing attacks – especially when some of the largest data breaches in history, like Anthem, which affected 78.8 million records, started after a user opened a phishing email.
What You Can Do
Hold regular training sessions on identifying phishing emails, proper data handling, and reporting suspicious activities. Use simulated phishing attacks to test and improve employee response. The more your team knows about the signs of phishing attacks, the more confident they’ll be in identifying and avoiding them.
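The signals staff are taught to look for (a display name that does not match the real address, a lookalike sender domain, a Reply-To that goes elsewhere, pressure language, links that leave your domain) can also be checked mechanically. The following is an added example written for this article, not code from the original page or from JMARK; the organisation domain example-health.org and both sample messages are constructed for the demo.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-health.org"   # hypothetical organisation domain
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "verify your", "within 24 hours")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, trusted: str) -> bool:
    """True for near misses of the trusted domain: digit-for-letter swaps
    (examp1e, exampl3) or one inserted, dropped or changed character."""
    if not domain or domain == trusted:
        return False
    deglyphed = domain.replace("0", "o").replace("1", "l").replace("3", "e").replace("rn", "m")
    return deglyphed == trusted or edit_distance(domain, trusted) == 1


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def phishing_indicators(raw_message: str) -> list[str]:
    """Return the indicators found in one RFC 822 message; empty means nothing tripped."""
    msg = message_from_string(raw_message)
    hits = []
    display, address = parseaddr(msg.get("From", ""))
    sender = domain_of(address)

    # 1. An address inside the display name that differs from the real address.
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if embedded and embedded.group(1).lower() != sender:
        hits.append(f"display name shows @{embedded.group(1).lower()} but sender is @{sender}")

    # 2. Sender domain is a lookalike of ours.
    if lookalike(sender, TRUSTED_DOMAIN):
        hits.append(f"sender domain {sender} imitates {TRUSTED_DOMAIN}")

    # 3. Replies are routed somewhere other than the sender.
    reply_to = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_to and reply_to != sender:
        hits.append(f"Reply-To goes to @{reply_to}, not @{sender}")

    # 4. Pressure language in subject or body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        hits.append("urgency language in subject or body")

    # 5. Links that leave our domain, including hosts that merely start with it.
    for host in re.findall(r"https?://([^/\s]+)", body):
        host = host.lower().split(":")[0]
        if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
            hits.append(f"link to external host {host}")
    return hits


# Constructed sample messages for the demo.
PHISH_SAMPLE = """\
From: "helpdesk@example-health.org" <it-support@examp1e-health.org>
Reply-To: <recovery@mail-verify.example.net>
To: nurse@example-health.org
Subject: URGENT: your account will be suspended

Your password expires today. Verify your account within 24 hours:
https://example-health.org.login-portal.example.net/reset
"""

LEGIT_SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example-health.org>
To: nurse@example-health.org
Subject: Scheduled maintenance on Saturday

The patient portal will be offline 02:00-04:00 Saturday for patching.
Details: https://intranet.example-health.org/maintenance
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, phishing_indicators(sample))
```

The link check is deliberately strict about prefixes: a host such as example-health.org.login-portal.example.net begins with your domain but belongs to someone else, and that is the trick most simulated-phishing campaigns use to catch people who only read the start of a URL.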
4. Use Encryption for Sensitive Data
Encryption transforms readable data into ciphertext that is useless without the decryption key, so a stolen laptop, an intercepted connection, or a copied backup does not automatically become a breach. It protects your email, patient records, and any other sensitive information you don't want anyone to see. One caveat worth understanding: encryption at rest does not stop ransomware, because the attacker is operating as a legitimate user whose access already decrypts the data, and it offers little if the keys are stored alongside the data they protect.
What You Can Do
Encrypt all sensitive data, both in transit and at rest. This includes patient records, billing information, and communication between devices. For data in transit, that means TLS (Transport Layer Security), the successor to SSL: SSL and TLS 1.0/1.1 are deprecated and should be disabled, so configure web servers, email servers, and device interfaces for TLS 1.2 or 1.3 only. This keeps any data transmitted between the server and the browser confidential and tamper-evident. For data at rest, use full-disk encryption on laptops and workstations and database or storage-level encryption for records and backups, with the keys managed separately from the data.
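What "TLS 1.2 or 1.3 only" looks like in a configuration, as an added example written for this article rather than code from the original page or from JMARK: a hardened server context beside the weak client settings that often appear in integration scripts, and an audit function that tells the two apart. It uses Python's standard ssl module; the cipher string and the certificate file names in the comment are assumptions for the demo.

```python
import ssl


def hardened_server_context() -> ssl.SSLContext:
    """Server context that speaks TLS 1.2 and 1.3 only, with forward-secret
    AEAD cipher suites and compression off. Certificate loading is left to
    the caller, e.g. ctx.load_cert_chain("server.pem", "server.key")."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4")
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The settings that appear in device-integration scripts when a
    certificate error 'got in the way': any protocol version, no verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the weaknesses of a context; an empty list means it meets the bar."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("accepts SSL/TLS versions older than TLS 1.2")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression enabled (CRIME)")
    weak = sorted(
        c["name"] for c in ctx.get_ciphers()
        if any(tag in c["name"] for tag in ("RC4", "DES", "MD5", "NULL"))
    )
    if weak:
        findings.append(f"weak cipher suites offered: {', '.join(weak)}")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT:
        if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
            findings.append("client does not verify the server certificate and hostname")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_tls_context(hardened_server_context()))
    print("weak:", audit_tls_context(weak_client_context()))
```

The client-side finding is the one to hunt for in your own environment: a script that disables certificate verification still shows a padlock-style "encrypted" connection, but anyone on the network path can present their own certificate and read the traffic.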
5. Develop and Regularly Test an Incident Response Plan
An incident response plan outlines how to detect, respond to, and recover from cyberattacks. Regular testing ensures the plan is effective and that everyone knows their role. While having a plan seems like a no-brainer, a study conducted by the Computing Technology Industry Association (CompTIA) reported that only 37% of companies include an incident response plan as part of their cybersecurity strategy.
What You Can Do
Create a detailed incident response plan, including steps for containment, eradication, and recovery. Generic templates rarely match your organization's structure, so customize the plan for your specific needs: name who can authorize taking a system offline, spell out how clinical staff operate on paper while the EHR is unavailable, and document how you restore from backups that are kept offline or immutable so ransomware cannot encrypt them too. Conduct regular drills, including a full restore of a critical system from backup, and update the plan based on lessons learned from these exercises. This will help you reduce downtime, maintain your reputation, strengthen your security, ensure compliance, and minimize financial losses.
Summary
With cyberattacks like the incident on Ascension Healthcare Network, your organization’s chance of being targeted only grows. Don’t get caught in the crosshairs. To protect your healthcare company, follow these 5 best practices:
- Require long, breach-screened passwords and multi-factor authentication, preferring authenticator apps or phishing-resistant security keys over texted codes.
- Automatically update your operating systems, apps, medical devices, and other equipment connected to your network.
- Train your team to confidently identify and report phishing attacks with simulated incidents.
- Encrypt all sensitive data, such as patient records, billing information, and communication between devices, to ensure that your data remains private.
- Create and regularly test an incident response plan that’s tailored to your company’s needs.
The Future of Cybersecurity
Cyberattacks are only growing more frequent and advanced. But that doesn’t mean you can’t fight back or stay ahead. When you prioritize a strong security posture as part of your strategy, you’re not only protecting your finances—you’re protecting your public trust, and you’re protecting your patients.
It’s time to act. Because waiting around can cost you millions. To discover a detailed breakdown of how you can keep your patients safe, grab our cybersecurity checklist. If you want to unlock a personalized plan, call 844-44-JMARK to speak with one of our IT and security experts for proven solutions.