To combat this issue and enhance device security, Wang recommends that IT teams focus on three tactics, starting with visibility.
“Healthcare organizations, hospitals — they need to know what is on their networks,” says Wang. “They need an intelligent, automatic tool that tells them how many devices and what devices are on their networks.”
Once a team gains that understanding, she suggests actively monitoring medical devices and segmenting them onto their own private networks. This can help organizations be better prepared for a cyber event and contain any lateral movement an attacker attempts.
3. Don’t Forget to Educate and Train Clinical Staff
On average, targeted healthcare companies each received about 43 impostor emails in the first quarter of 2019, nearly triple the number seen in the same quarter in 2018, according to a recent report from enterprise security company Proofpoint.
Perhaps more surprising: Doctors, physicians and administrative staff all ranked as higher targets for attackers than executives and other high-ranking employees.
“If you’re looking at ways to stem cybersecurity,” says Ryan Witt, healthcare industry practice leader at Proofpoint, “then you need to start with identifying those attacks.”
Today’s attacks target people, not just technology. And today’s hackers, Witt says, have learned to exploit the human factor: workers’ time constraints, curiosity and a natural desire to serve others (a malicious email offering information on how to contain a flu outbreak in the form of a Microsoft Word document, for example).
Educating all staff on the value of security in a clinical setting is critical, Witt says. Deploying tabletop exercises with a focus on real-life consequences can help ensure the message sticks across your entire organization.
“Attitudes of clinicians have reversed when it comes to embracing new technology and security,” says Witt. “The community is embracing the protection of data as a component of the overall wellness program.”