6 steps for more cyber resilience in the healthcare sector

Hospitals and care facilities are often the target of cyberattacks. What is particularly worrying in this context is that, according to an international study, the recovery costs of ransomware attacks in the healthcare sector have increased significantly.

At an average of over 2 million euros (2.2 million US dollars), healthcare companies had to dig much deeper into their pockets in 2023 to become operational again. In 2021, 1.1 million euros (1.27 million US dollars) was still sufficient. This means that recovery costs have almost doubled in the space of two years. This shows that attacks are increasingly being carried out "professionally" and that facilities are not sufficiently prepared. It is therefore only a matter of time before a cyber attack paralyzes a healthcare facility and, in addition to the potential inability to operate, also results in immensely high costs. The worst could be prevented with just these six tips.

  1. Risk assessment and management

A thorough risk assessment can help identify vulnerabilities in healthcare IT systems. The assessment must consider all potential points of attack for ransomware, including employee devices, monitoring devices, remote access systems and third-party services.

  2. Employee training and awareness programs

The Verizon Data Breach Investigations Report (DBIR) found that 68 percent of data breaches involved human error, including social engineering. Time and time again, experts warn that hackers use the stolen identities of employees to launch attacks on hospital IT departments. Awareness programs can help make employees alert to such attacks.

  3. Comprehensive plans for data backup and disaster recovery

Disaster preparedness is essential for recovering from a ransomware attack or other cyberattack. Resources such as a "step-by-step guide to creating a disaster recovery plan" can help prepare for the worst-case scenario.

  4. Improve network security (incl. IoT cybersecurity)

Advanced network protection measures are more important than ever. The NIST Cybersecurity Framework provides quick-start guides, resources and templates to help organizations implement effective solutions. These should include both intrusion detection systems (IDS) and endpoint protection platforms that can detect and respond to threats in real time.

  5. Planning and implementation of worst-case scenarios

It is advisable to develop a response plan for critical incidents that is specifically tailored to the healthcare sector. This plan must include clear roles, responsibilities, response procedures and communication strategies.

  6. Use of a standardized data backup platform

As data can be spread across different facilities, storage media and applications, a unified backup solution can mitigate the impact of a cyberattack. Solutions that increase IT resilience by simplifying processes across all storage platforms, whether local, virtual or in the cloud, are the most effective.

Basically, it is better to start than to wait until everything is perfect. Above all, however, it is important to raise awareness among employees, because unfortunately their careless handling of digital information and data is one of the most common reasons why hackers achieve their goals. 

Source: www.arcserve.com
