Healthcare providers, health plans and business associates must not let their guard down as the number of reported cybersecurity breaches has leveled off after meteoric rises over the past several years.
Malicious attacks ranked as the No. 1 cause of breaches for a sixth consecutive year, with the percentage of incidents pegged to hacking/IT incidents rising from 73% last year to 80% so far in 2022, according to Fortified Health Security’s 2022 Mid-Year Horizon Report: The State of Cybersecurity in Healthcare.
The report found that 337 breaches affecting 500 or more records were reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in the first six months of 2022. Healthcare providers account for the most breaches (72%), followed by business associates (16%), and health plans (12%).
While the healthcare industry has made some progress toward adopting a security-first mindset, hospitals and health systems can implement four cybersecurity best practices to continue to enhance resiliency and security posture, according to the report.
1. Mature incident response plans
Creating an incident response plan that anyone at the company can follow in the event of a cyberattack is critical. The plan must include contact information for notifications (executives’ phone numbers, legal representatives, IT leaders, and any external IR service providers). It should outline the steps for incident responders to take first, including retrieving logs and confirming the integrity of system backups stored offsite. Someone should begin investigating the extent of the breach and identify the source of the intrusion. If an outside firm is contracted to help with incident response, that firm will often work on damage control and determining the intrusion source while in-house IT focuses on getting the organization’s IT assets back up and operational.
2. Implementing MITRE ATT&CK
The open-source tool MITRE ATT&CK can help make it easier for cyber professionals to learn about the most recent advanced persistent threats (APTs), while giving IT and business leaders a common lexicon to talk about them. MITRE takes publicly available threat intelligence and incident reporting and distills it into a database of common tactics, techniques, and procedures (TTPs). Cybersecurity teams can leverage this information to look for security gaps in digital defenses.
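One way to look for such gaps, shown as an added example that is not part of the report: compare the ATT&CK techniques a team has prioritized against the technique tags on its enabled detection rules. The technique list, the rule inventory, and all function and rule names are constructed for illustration; only the ATT&CK technique IDs and names are real.

```python
from collections import defaultdict

# Constructed sample: ATT&CK techniques a team prioritized from threat
# reporting, as technique ID -> (tactic, technique name).
PRIORITY_TECHNIQUES = {
    "T1566": ("Initial Access", "Phishing"),
    "T1190": ("Initial Access", "Exploit Public-Facing Application"),
    "T1078": ("Initial Access", "Valid Accounts"),
    "T1059": ("Execution", "Command and Scripting Interpreter"),
    "T1003": ("Credential Access", "OS Credential Dumping"),
    "T1021": ("Lateral Movement", "Remote Services"),
    "T1486": ("Impact", "Data Encrypted for Impact"),
    "T1490": ("Impact", "Inhibit System Recovery"),
}

# Constructed sample: detection rules exported from a SIEM, each tagged
# with the ATT&CK IDs it claims to detect (rule names are hypothetical).
DETECTION_RULES = [
    {"name": "mail-attachment-macro", "enabled": True, "attack": ["T1566.001"]},
    {"name": "powershell-encoded-cmd", "enabled": True, "attack": ["T1059.001"]},
    {"name": "rdp-to-new-host", "enabled": False, "attack": ["T1021.001"]},
    {"name": "lsass-handle-access", "enabled": True, "attack": ["T1003.001"]},
    {"name": "impossible-travel-login", "enabled": True, "attack": ["T1078"]},
    {"name": "mass-file-rename", "enabled": True, "attack": [" t1486 "]},
]

def parent_id(tag):
    """Normalize a tag such as 'T1566.001' or ' t1486 ' to its parent ID."""
    return tag.strip().upper().split(".")[0]

def covered_ids(rules):
    """Parent technique IDs with at least one enabled rule."""
    return {parent_id(t) for r in rules if r.get("enabled")
            for t in r.get("attack", [])}

def coverage_gaps(priority, rules):
    """Group prioritized techniques that no enabled rule covers, by tactic."""
    covered = covered_ids(rules)
    gaps = defaultdict(list)
    for tid, (tactic, name) in sorted(priority.items()):
        if tid not in covered:
            gaps[tactic].append((tid, name))
    return dict(gaps)

if __name__ == "__main__":
    for tactic, missing in coverage_gaps(PRIORITY_TECHNIQUES, DETECTION_RULES).items():
        for tid, name in missing:
            print(f"{tactic}: no enabled detection for {tid} {name}")
```

A disabled rule counts as no coverage, which is why Remote Services shows up as a gap even though a rule for it exists in the inventory.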
3. Tracking security metrics
Tracking and reporting operational metrics around cybersecurity are critical to proper cyber hygiene. Healthcare cybersecurity leaders should track data that affects patient outcomes, the report suggests.
First, do not get so focused on measuring tool effectiveness or the cybersecurity team’s efficiency that the human factor is forgotten. Verizon’s latest global data breach investigations report found that 82% of breaches and cyber incidents involved a human element such as stolen credentials, phishing, misuse, or an error. Make sure to include human-related data points such as user-awareness training effectiveness and email click-through rates. Second, find a way to quantify the IT hours spent handling various cyber events so that ROI on money spent, whether on tools or outsourcing, can be calculated accurately.
Basic but important uses for metrics include finding coverage gaps, asset compliance, ROI, trends over time, intrusion response and recovery, and threat remediation. Finally, cyber leaders should consider how metrics are presented to various constituents.
4. Strengthening artificial intelligence (AI) and machine learning (ML) IT security
AI/ML and deep-learning technologies are transforming diagnoses and healthcare delivery. Likewise, advanced technologies that leverage AI/ML concepts are transforming IT security services and can bring quicker threat detection and mitigation, increased productivity, and the ability to perform sophisticated tasks with fewer staff or extend the capabilities of junior security staff members.
An overlapping cybersecurity strategy that includes AI/ML technologies can help hospitals and health systems gain the visibility they need into IT environments, improve their security postures, and extend the reach of IT staff.