The Threat Brief describes steps to improve computer security in healthcare.

According to the federal Department of Health and Human Services (HHS), healthcare systems must continue to strengthen their cyber posture, the overall strength of organizational cybersecurity.

Cyber posture includes protocols for predicting and preventing cyber threats, as well as the ability to act and respond during and after attacks, according to "Strengthening Cyber Posture in the Health Sector." This is the latest threat brief, posted on June 16 by the HHS Health Sector Cybersecurity Clearinghouse (HC3), which works with the HHS Information Security Administration and the federal Cybersecurity and Infrastructure Security Agency (CISA).

According to HC3, the healthcare sector remains a popular target for cyberattacks due to the large amount of data and the relative vulnerability of computer systems. The threat brief cited reports from the law firm Baker Hostetler, which released its “Data Security Incident Response Report 2022” in April, and from the nonprofit analyst CyberWorld The Institute, which in March 2021 published “Playing with Lives: Cyber attacks on healthcare are attacks on people.”

Good posture

HC3 recommended the following steps to strengthen an organization's cyber posture:

  • Conduct regular security assessments
  • Continuously monitor networks and software for vulnerabilities
  • Determine which department owns which risks and assign managers to specific risks.
  • Review gaps in your security measures regularly
  • Define a few key security metrics
  • Create an Incident Response and Disaster Recovery Plan

Reduce chance

HC3 offers ways to reduce the likelihood of a cyber intrusion:

  • Verify that any remote access to your organization’s network, or privileged or administrative access, requires multi-factor authentication.
  • Ensure that the software is up to date, prioritizing updates that resolve known exploitable vulnerabilities identified by CISA.
  • Confirm that the organization’s IT staff has disabled all ports and protocols that are not necessary for business purposes.
  • If your organization is using cloud services, ensure that IT personnel have reviewed and implemented the robust controls described in the CISA guidance.

CIS offers free tools and services to improve cybersecurity. The Federal Office of the National Health Information Technology Coordinator also has a security risk assessment tool for conducting the security risk assessment required by federal regulations and agencies, including the Centers for Medicare and Medicaid Services.

Rejection of payments

Starting in 2020, there has been a marked increase in phishing and social engineering attacks that attempt to redirect, or succeed in redirecting, wire transfers, direct deposits, and payments through automated clearing houses, according to a report by Baker Hostetler. The firm said the shift began in 2020 and continued into the past year.

Baker Hostetler has five top tips for preventing fraudulent transfers:

  • Use Multi-Factor Authentication (MFA) for remote access to online accounts, including email and payroll portals, and disable legacy authentication in your email client.
  • Train employees on phishing emails and common fund transfer scams.
  • Establish written policies and procedures related to authorizing and approving changes to bank transfer, ACH payment, and direct deposit information.
  • Develop contract clauses with vendors and customers that require personal or voice authentication for changes to existing bank transfers, ACH payments, and direct deposit information.
  • If anything seems wrong, investigate: find the phone number you have on file for the email sender (not the contact listed in their email) and call the sender to confirm that the request is legitimate.
