
Tuesday October 4, 2022  |  Michael Johnson, Chief Information Security Officer

3 Major Healthcare IT Security Topics for 2023

It’s been a busy year for information security.

Remote access to company servers, personal devices in the workplace, and increasing demand for mobile access from physicians have created an unprecedented challenge for traditional Healthcare IT (HIT) teams, who are now struggling to meet these evolving expectations while safeguarding valuable assets.

This challenge is even more pronounced for our partners among rural and critical access hospitals. The shortage of cyber security professionals has impacted every industry, but these health systems are especially vulnerable; their remote operations and inability to offer competitive salaries put them low on the list of potential applicants. As a result, the responsibility for infosec governance often falls to existing IT staff, who may not have the tools or experience to counter threat actors amid a rapidly changing work environment.

For National Cyber Security Month, we’d like to take a look back on three crucial healthcare IT security topics covered by our Chief Information Security Officer, Michael Johnson, in 2022, and touch on how companies can leverage these insights and technologies to protect themselves and their sensitive data in the coming year.

Zero-Day Attacks

This is the kind of thing that keeps infosec professionals up at night—hackers exploiting a previously unknown vulnerability. The name is derived from the timeframe surrounding the attack: developers have been aware of the weak point for zero days prior to infiltration.

This type of attack is destructive because malicious actors can take advantage of a security gap before developers have time to patch or mitigate the vulnerability. To prevent zero-day attacks, IT teams must concentrate on configuring defensive measures appropriately and ensuring they are continuously optimized.

Vulnerability scanners, firewalls, and intrusion prevention systems (IPS) all do a reasonably good job identifying and isolating threats. However, these technologies also need a lot of upkeep, which costs internal teams time and resources.

Working with an experienced development operations, security, and infrastructure partner can bolster cybersecurity protections around products and apps while minimizing the potential impact of zero-day attacks.

Read more here.

Passwords

It’s common knowledge that a strong password is necessary to protect your digital identity. In the past, this was as simple as using a name or date known only to you. But as the online ecosystem became more diverse, and the threats of unwanted intrusion became more common, passwords became more complex, including upper- and lower-case letters, numbers, and punctuation marks. Eventually, artificial intelligence would come to judge our passwords as “strong” or “weak” before a company login page would accept the credentials.

But as the onus to devise, update, and remember so many passwords began to wear on businesses and consumers, many took a predictable approach to digital security: a capitalized first letter, the number one, and a terminal exclamation point. If this describes one or more of your passwords, you’re not alone.

Unfortunately, predictable passwords make it easy for malicious actors to gain access to vulnerable systems. And while most articles on the subject will tout multi-factor authentication (MFA) as the solution, it’s not the first step in creating a healthy information security policy around password protection.

For example, many companies still adhere to an eight-character password policy and only rotate passwords every 90 days, creating massive headaches for employees with multiple linked devices while doing little to stop attackers.

These widely accepted password complexity and rotation guidelines were created decades ago and are nowhere near adequate for fending off the intricacy of 21st-century cyber threats.
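To make the point concrete, here is an added example (not MEDHOST code) of a defender-side screening check: it shows that the legacy eight-character, mixed-class rule happily accepts the predictable "Capital word + 1!" shape described above, while a check that looks for that shape and for known-breached values rejects it. The breached-password set is a constructed sample and the 12-character minimum is an assumed value, not a figure from the post.

```python
import re
from dataclasses import dataclass

# Constructed sample of a breached-credential list (not real data).
BREACHED = {"Password1!", "Welcome1!", "Summer2022!", "Hospital1!"}

# The predictable shape the post describes: capitalized word, the digit 1
# and a terminal exclamation point (other digits may precede the 1).
PREDICTABLE = re.compile(r"^[A-Z][a-z]+\d*1!$")


@dataclass
class Verdict:
    meets_legacy_policy: bool   # 8+ chars with upper, lower, digit, punctuation
    predictable_pattern: bool   # matches the "Word1!" shape
    in_breach_list: bool        # appears in the (constructed) breach set


def legacy_policy_ok(pw: str) -> bool:
    """The decades-old rule: at least eight characters with mixed classes."""
    return bool(
        len(pw) >= 8
        and re.search(r"[A-Z]", pw)
        and re.search(r"[a-z]", pw)
        and re.search(r"\d", pw)
        and re.search(r"[^\w\s]", pw)
    )


def evaluate(pw: str) -> Verdict:
    """Run all three checks so the differences between them are visible."""
    return Verdict(
        meets_legacy_policy=legacy_policy_ok(pw),
        predictable_pattern=PREDICTABLE.match(pw) is not None,
        in_breach_list=pw in BREACHED,
    )


def acceptable(pw: str, min_len: int = 12) -> bool:
    """Screening check: length plus rejection of predictable and breached
    values, instead of composition rules alone. min_len=12 is an assumption."""
    v = evaluate(pw)
    return len(pw) >= min_len and not v.predictable_pattern and not v.in_breach_list


if __name__ == "__main__":
    for candidate in ("Winter1!", "Summer2022!", "correct horse battery staple"):
        print(candidate, evaluate(candidate), "accepted" if acceptable(candidate) else "rejected")
```

Note that the long passphrase fails the legacy rule (no digit or upper-case letter) yet passes the screening check, while "Winter1!" does the opposite.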

Read more here.

Security Assessments & Virtual CISO (vCISO) Services

Inaccessible locations and constrained budgets make it more challenging for our partners in rural, community, and critical access healthcare facilities to recruit and maintain the expertise required to protect patient data.

Below, we’ll unpack two infosec services that can alleviate some of the burden these workforce shortages put on smaller hospital information technology and security departments.

Security Assessments

Evaluating a facility’s security posture helps to identify gaps in coverage and areas where mitigation strategies might thwart future attacks.

By analyzing findings from this assessment, your facility can develop a strategy to strengthen overall security, including remediation activities and preventative measures.

Virtual Chief Information Security Officer (vCISO)

An assessment can provide hospitals with a snapshot of their security posture, but dedicated third-party support provides the necessary analysis, coaching, and expertise to eliminate risks identified by these security reviews.

A partnership with a virtual Chief Information Security Officer (vCISO), who provides regular status updates to clients and their IT teams, is a key feature of an effectively managed information security approach.

Read more here.

To learn more about how MEDHOST can help protect its customers from cyber threats and reduce their impact on operations, please reach out to us at inquiries@medhost.com or call 1.800.383.6278.
