Cybersecurity: Five Tips For Remaining Secure

Published in Complex Rehab on August 23, 2023

By Jay Bracken, Certified Information Systems Security Professional (CISSP), VGM Group

On Thursday, August 5, a ransomware attack shut down emergency rooms and primary care services in several states. This most recent incident is described in this linked article from The Verge, a digital technology and science media/news company. Hackers continue to show their persistence in stealing patient data and creating chaos, but in this latest incident they are also affecting the health and wellness of patients, alongside an overwhelming loss of revenue. Below we are providing five tips from VGM Group’s SVP of Corporate Information Services, Jay Bracken, Certified Information Systems Security Professional (CISSP).

As we’ve seen from recent news headlines, security breaches aren’t going anywhere. The most common form of attack remains ransomware, in which companies are locked out of their own systems until they pay the attacker. This is horrible when it happens to anyone, but when it happens in healthcare settings, the consequences can quite literally be life or death.

So what can be done to protect your organization, and more importantly, your patients, from the effects of ransomware attacks? Here are five things that can get you started down a more secure path:

  1. Conduct Regular Risk Assessments: Regularly assess the security of your systems, networks, and processes to identify vulnerabilities and address them proactively. If you can fit it in your budget, hire a qualified third party to walk you through an assessment – we can often overlook problems we see every day, but experts know where to look. Only by honestly assessing the risk to your organization – what are your key systems, key vendors, key devices – can you begin to adequately protect them. Just like you wouldn’t prescribe care without seeing a patient’s chart, blindly throwing money at security solutions without knowing your weak points won’t be effective.
  2. Harden Devices and Patch Software: Lock down systems to only be able to do what you need them to – extra privileges, admin accounts, and service accounts create no value, only extra risk, so disable them. Keep all software, including operating systems, medical devices, and security tools up to date with the latest patches and updates. Vulnerabilities in outdated software can be exploited by attackers – they will scan for them, so you should get there first and get them patched.
  3. Implement Access Control Policies with Multi-Factor Authentication (MFA): Making your systems as difficult as possible for an attacker to log into, while still making it easy for your employees, seems like an impossible task, but in reality, a good MFA system gets you a long way there. MFA means logging in with a combination of two or more of: something you know (password or PIN), something you have (a token, phone app), and/or something you are (a fingerprint, facial scan). For example, you might enter your password and then get a push notification on your phone – an attacker can’t get that push notification on their phone, so even if your password becomes compromised, that still doesn’t let them in. Require the use of MFA for accessing sensitive systems and data. Train your users how to use it and how an attacker might trick them. Which leads us to…
  4. Train Staff on Phishing and Social Engineering: Provide comprehensive training to all employees, with a strong emphasis on how to spot phishing emails and social engineering. Ideally, send test phishing messages and track employee recognition. Provide additional training to those who don’t pick it up as quickly – we all have varying levels of familiarity with these types of attacks, so repetition is key. Tell employees what information they shouldn’t give over the phone – ideally no passwords or PINs, and never approve an MFA prompt just because someone on the phone asks you to. Phishing and/or social engineering are still the #1 way attackers or ransomware get into your systems in the first place.
  5. Regularly Back Up Data: Implement a robust data backup strategy to ensure that critical system data is backed up regularly, and the backups are tested for data integrity and restoration capabilities. Ideally, keep one copy of your backups offline, where they cannot be accessed by anyone. This is your “in case of emergency, break glass” set of backups, and no one should be able to access them over the internet or your internal network without physically connecting them first. This keeps ransomware, or an attacker who is inside your network, from corrupting your critical backup files, allowing you to start fresh with backups you know will work. Test restoring from backups so you know you can do it when the time comes.

These five tips are a great start toward a more robust, secure environment that is less prone to ransomware. If you know where your risks are, patch insecure systems, control login access with MFA, train your staff well, and have safe backups, you make yourself a harder target for attackers, and make it easier to get back up and running if something bad does happen.
