In May 2017, Ascension Health, which runs Seton Healthcare Family hospital network in Austin, TX, announced that a computer virus was discovered on its computer network.

Seton’s response? They shut down around 3,600 devices as a precautionary measure while the incident was investigated. Fortunately, Seton was prepared for such a cyberattack, implemented a fast response and was able to reduce the impact of the attack.

Cybersecurity continues to rank a major concern for healthcare executives. HealthIT Security recently reported that with two years of a steadily increasing cyber threat landscape with record number of patient records compromised, health organizations extorted financially and hospital operations disrupted, things will continue to be challenging in this space.

Furthermore, on average, a single cyberattack instance costs a whopping $4 million.

Digital transformation is fueling changes to security strategies and is rapidly occurring and reshaping all businesses, including healthcare. In a recent Forbes Insight report entitled Enterprises Re-Engineer Security in the Age of Digital Transformation, 69% of senior executives surveyed believe that digital transformation is forcing them to rethink their cybersecurity strategies.

The Forbes Insight report notes the following four assets executives cited as most important to protect against a security breach:

• Corporate financial information
• Customer information
• Brand reputation
• R&D and other intellectual property

The report notes the following technologies with the biggest security implications:

• Public-cloud software
• Big data applications
• Mobile business applications
• Hybrid clouds

At INTELLIMED, a healthcare IT data analytics company, we provide data that becomes part of a hospital’s larger big data set. We know how important protecting data is, notably around patient privacy and safety.

A January 2017 article in HealthcareITNews notes the following as critical steps for healthcare systems to take to reduce their vulnerability to cyberattacks, according to security experts:

• Risk Assessments – With the limited funding most healthcare organizations experience, risk assessments help identify what most needs protected.
• Disaster Recovery and Contingency Plans – These plans should include not only medical and billing records, but contingencies for email, departments reliant upon the network and departments with high-tech equipment like lab, pharmacy or imaging.
• Dedicated Sec-Op Teams – These dedicated teams handle security, hunt threats, educate staff and perform pen tests.
• Business Associate/Vendor Security – Proper vetting of vendors’ risk assessment, requirement of indemnification provisions and cybersecurity insurance in business associate agreements along with selecting vendors with a demonstrated track record with ‘security by design.’
• Employee Training – Simplifying the education so it’s easy to remember and practicing the action plan for an attack often. Create a secure-aware organization with customizable digital online cyber security training.
• Layered Defense – Looking to target areas where layers of cyber defense can be added.
• Improved Tech Hygiene – System upgrades and patches should be kept up-to-date and routinely checked to minimize system vulnerabilities.
• Cybersecurity Partnerships – Finding the right partners can greatly reduce the chances for attack and increase the cybersecurity strategy.
• Better Software – A short list of technologies includes next-generation firewalls, advanced malware detection, email and web gateways, multi-factor authentication, encryption, vaulting solutions and outsourcing security information and event management.
• Forensic Consultants – Before a crisis does occur, it’s good to have a forensic consultant on-hand to provide insights on weaknesses, liabilities and security reports.

The earlier referenced Forbes Insight report notes the four areas as primary initiatives undertaken by organizations to be less attractive to hackers, which aligns with the recommendations from HealthcareITNews.

• Expanded vulnerability discovery and breach remediation
• Invested in employee security training
• Upgraded or introduced antivirus software, anti-malware software or intrusion detection/prevention systems
• Put more resources into defending against zero-day exploits

The report notes these areas for the highest security investments in the near-term:

• IT and automated patching systems
• Cloud-based security tracking and management systems based on data analysis
• Break detection systems
• Data protection and compliance, such as encryption and data-loss prevention systems

Cybersecurity within all industries, including healthcare is a never-ending challenge as well as a moving target. It’s worth a final note that while this article focuses more on the technological issues around cybersecurity, preventing cyberattacks has as much to do with culture and organizational structure as it does with technology.