In this day and age, it’s nearly impossible to go without using a computer or mobile device of some sort. Whether it’s for work or personal use, we all utilize technology which means we’re all susceptible to cybersecurity attacks. For healthcare organizations that operate in settings outside of the hospital, these kinds of attacks can have detrimental effects not only to the organization but to the people they serve. As such, it’s important to prepare for the unexpected and have a strong security program in place. Not sure where to begin? Don’t worry, read on as we go over six security strategies that can help you and your organization stay safe.
Our six security strategies when it comes to information security
- Develop strong governance
A security program can’t be effective without top-down sponsorship and oversight. This begins with the board of directors and senior management. Governance sets the tone for how any organization operates internally and externally and it establishes an approach toward risk. This should include conducting regular risk assessments to identify risks that could prevent the business from achieving its business objectives. Lastly, governance includes conducting independent audits to verify operating effectiveness. We recommend doing this in a risk-based way and verifying that you do what is promised in your policy and procedures. And don’t forget to verify that all risks are being adequately addressed.
- Understand your environment
The key to understanding your environment begins by performing vulnerability scans. We recommend starting with externally facing systems, which have the highest potential risks. Those are the ones that are on the Internet and can be touched and seen by anybody in the world. It’s critical to run scans on the systems that store protected health information (PHI) and personally identifiable information (PII) and then move to internal systems. Those vulnerability scans can give you a good lay of the land from internal systems to externally facing systems, and everything in between. Once you know what ports and services are exposed, you should decide whether it is necessary to protect or harden them against abuse or an attack.
- Protect yourself with patching
Another part of the vulnerability management piece is patching. We hear a lot about this, and a lot of nasty exploits are out there because people don’t patch. For those who are unfamiliar with patching, it is the process of repairing an identified vulnerability. So, you should look at those externally facing systems and determine if any vulnerabilities exist. Most attacks and most vulnerabilities that get exposed are three to four years old. They’re not new ones. They’re old ones – tried, tested, and true vulnerabilities that have been there forever. Cybercriminals are banking on the fact that your patching regimens are lax or non-existent. This just makes it that much easier for them to get a foothold.
- Maintain an inventory of identified, tracked, and treated risks
While security governance establishes our risk appetite, security management establishes our awareness of those risks and how susceptible we are to attacks. That’s why it’s important to maintain an inventory, with system and data classification, that informs you about identified, tracked, and treated risks. This work can be contracted out to a third-party security firm, but you should leverage the results to help you make informed decisions when it comes to your business continuity plan, all of which is designed to protect your people and your assets.
- Store all of your logs from different systems in one, central location
Simply put, you can’t sit there and look at 80 servers. So, the key is to do central logging so you can collect all those logs in one place. Doing so makes it easier for you to look for and identify any indications of compromise. When it comes to cybersecurity attacks, one of the first things that hackers do if they get into your environment is to delete any signs showing that they were there. By having your logs centrally stored somewhere else off the server, you protect that information and can quickly see everything at a glance. Additionally, by keeping your logs in one central server, you can create alerts for things that are odd or not the norm. For example, a login oddity would result when a user logs into your domain from a known geographical location and then logs into your domain from Australia. That should set off some alarms and alert you that something is off.
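The login-oddity alert described above, as an added example that is not part of the original article: it runs over a constructed sample of centrally collected login events. The log format, host and user names, the per-user baseline of known countries and the four-hour window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of centrally collected login events (not real data):
# timestamp, reporting server, user, source country, outcome.
SAMPLE_LOG = """\
2024-03-04T08:02:11Z srv-ehr-01 user=jsmith country=US result=success
2024-03-04T08:15:40Z srv-file-02 user=mlopez country=US result=success
2024-03-04T09:47:03Z srv-vpn-01 user=jsmith country=AU result=success
2024-03-04T10:05:19Z srv-ehr-01 user=mlopez country=US result=success
2024-03-04T11:30:00Z srv-vpn-01 user=akhan country=AU result=failure
2024-03-05T09:00:00Z srv-ehr-01 user=akhan country=CA result=success
"""

# Assumed baseline: countries each user normally logs in from.
KNOWN_COUNTRIES = {"jsmith": {"US"}, "mlopez": {"US"}, "akhan": {"CA", "AU"}}
WINDOW = timedelta(hours=4)  # assumed: too short to travel between countries


def parse_line(line):
    """Split one log line into a dict with a parsed UTC timestamp."""
    ts, host, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    event["host"] = host
    return event


def find_login_oddities(log_text, known=KNOWN_COUNTRIES, window=WINDOW):
    """Return alerts for successful logins from an unfamiliar country that
    follow a login from a known country within `window`."""
    alerts, last_known = [], {}
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    for e in events:
        if e.get("result") != "success":
            continue  # failed attempts are ignored in this narrow check
        user, country = e["user"], e["country"]
        if country in known.get(user, set()):
            last_known[user] = e  # remember the latest login from a known place
        elif user in last_known and e["time"] - last_known[user]["time"] <= window:
            prev = last_known[user]
            alerts.append((user, prev["country"], country, e["host"], e["time"]))
    return alerts


if __name__ == "__main__":
    for user, src, dst, host, when in find_login_oddities(SAMPLE_LOG):
        print(f"ALERT {when:%Y-%m-%d %H:%M}Z {user}: {src} -> {dst} on {host}")
```

Because the check reads the central copy of the logs, it still works if the events are later deleted from the server that recorded them.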
- Prepare a response plan if a breach were to occur
You can do everything in your power to avoid being breached but in the end, it can still happen. If it does, be prepared to take action with a detailed response plan. We recommend developing an umbrella plan that is very high level with specific runbooks for different groups. For example, we encourage you to develop one runbook for each server or program, as well as one for ransomware, phishing schemes, etc. This allows the runbooks to be very tactical with defined roles and responsibilities for each circumstance, which is critical. Because when something bad happens, people just want to know what their job is and what they need to do to fix it. To make that as simple as possible, having a documented plan is crucial.
Information security can seem overwhelming at first, but by adopting these six simple strategies, you can sleep a little easier knowing your organization is protected. And don’t forget to vet the partners and systems you work with, as these can be easy avenues for hackers to access your data. That’s why at MatrixCare we only partner with secure and highly vetted integrations.