COVID has shifted the world in unexpected ways, particularly when it comes to data security. The rapid transition to work-from-home (WFH) made it challenging for most businesses to keep up with policy and technology updates that support a WFH model. It didn’t take long for hackers to figure that out.
Cyber attacks are on the rise, particularly in the healthcare sector. One report from C5 Capital alliance indicates a 150% increase in attacks on healthcare systems in the first quarter of 2020.
Healthcare Systems Under Pressure
Given the tremendous strain the pandemic is putting on healthcare systems and healthcare personnel, it’s understandable they might fall behind on regular IT maintenance. At Path Forward, our team of healthcare IT experts works hard every day to make sure our clients are protected.
Here are three common mistakes that create fundamental security vulnerabilities:
1. DELAYING UPDATES: The dreaded notification: “You have system updates. ”
It may seem like a nuisance to run system or software updates. It takes time and typically requires a full re-start. But this is one of the easiest ways for attackers to compromise your systems.
Vendors push out updates and patches for a reason. They know there is a vulnerability or bug in a product you are using, and they are providing the patch to address it as quickly as they can. However, publishing the update to customers also increases awareness of the vulnerability with potential attackers.
It’s essential to run these updates as soon as possible. While time is of the essence, sometimes there can be concerns that the patch could interfere or break a workflow unique to your environment. The ideal first step is to test the patch in a test environment. If that’s not possible, be sure you are prepared and backed up before running the updates. With good backups, you can restore your data to the pre-update version if something goes wrong with the patch.
*KEY TAKEAWAY: Prioritize updates and patching. Respond to vendor updates within 24 hours, or as quickly as you can while keeping a reasonable risk to avoid breaking production systems and workflows. Test the patch in a test environment when possible.
2. OUTDATED EQUIPMENT: It’s not about keeping up with the Jones’.
Equipment is expensive – no matter if you’re considering buying a new SAN, laptops for the organization, or even just a new smartphone.
It’s natural to approach these expenses as long-term investments. The downside is the definition of the long-term might be shorter than you hoped.
Don’t kid yourself into thinking you can humbly get by with older equipment that “still does the job.” New equipment is not about getting the latest and greatest functionality. It’s about staying current and safe.
Using equipment and software past its end-of-life date is a much bigger security problem than most people realize. Manufacturers regularly age-out older versions of their products, meaning they no longer provide updates and critical security patches. Having these outdated components in your environment significantly jeopardizes your system security and voids the effectiveness of any other security measures that are in place.
*KEY TAKEAWAY: Plan for the manufacturer’s end-of-life timeline. It’s typically published at least a year in advance, and many vendors publish lifecycle information to help with planning upgrades and budgeting for those expenses. Consider leasing options if your budget doesn’t allow for purchasing.
3. CHASING SECURITY SOLUTIONS: Monitoring system entry points can be like herding cats.
Since COVID, most companies rely on remote workforces. It’s more common than ever to have a single employee accessing your network from several different devices – smartphones, laptops, tablets, etc. Each of these devices represents an endpoint, essentially an entry point where an attacker could gain access to your systems. Endpoint management software helps centrally monitor and evaluate all devices to ensure security and software updates.
A common misperception is that a combination of endpoint management and anti-virus software is enough to manage the risk of any intrusion. This is not the case, as proven nearly every day over the last six months as the healthcare industry is the favorite target for attackers.
Another misperception is that the newer the software, the better the security. Many companies make it a priority to have the latest and greatest solutions and are continually changing their systems. They often overlook the internal talent, skillsets, training, and dedicated resources needed for maintaining these tools. Human monitoring and analysis of threats are critical. Internal security teams have so many competing priorities; it’s challenging and expensive to dedicate the resources needed and stay constantly aware of the latest threat data.
Managed detection and response (MDR) is an outsourced service that combines the human expertise with automated threat detection to effectively monitor, collect, analyze, and respond to threats as they are discovered.
*KEY TAKEAWAY: Endpoint Managed Detection and Response (EMDR) is currently the best technology available for quickly detecting a breach before it creates a noticeable malicious impact. EMDR provides exceptional forensic information should a breach ever occur, which helps in reconstructing events to identify where extra security is needed.
A Security Effort is Never Finished
At the end of the day, managing the security of your data and environment is an ongoing effort. It requires careful and constant evaluation and oversight. It also requires a reliable backup and recovery plan.
The above recommendations are part of our Minimum-Security Requirement Checklist. You can download the checklist here. If you’re interested in talking with one of our security experts for an evaluation or discuss your security needs, please reach out here.