Healthcare is one of the most targeted industries for cyberattacks, with 45 million people affected in 2021. Thus, having the tools to prevent, prepare and respond to breaches is crucial to hospital cybersecurity. Here are some ways to fortify defenses, as outlined by a Feb. 14 McKinsey report.
Prevention
The majority of ransomware attacks start with a phishing email or a remote desktop protocol compromise, so it's critical that all employees are constantly aware of cybersecurity threats.
- Companies can ensure that employees are using strong passwords and multifactor authentication when logging into accounts.
- Patching operating systems that might be old is crucial, as unchecked legacy systems can lead to vulnerabilities.
- Make cyber awareness training mandatory for employees and teach them best practices.
Preparation and response
Preparing for a potential attack will ensure that if a cybersecurity threat occurs, the organization will be ready.
- Prepare for all eventualities, knowing who will lead your response team and make decisions about whether to pay hackers. Communicate this plan to board members.
- When an attack hits, the first thing a hospital should do is call law enforcement for disclosure. It should also seek external counsel and insurers and inform other stakeholders.
- Investigate alternatives to payment and try to understand who is behind the attack and how much information they have, as this will help with negotiation.