Cyberattacks on Hospitals: Top Lessons from Critical Infrastructure Breaches

Author: Jeff Bell, CISO, Advisory Services

The lessons learned from analyzing breaches in 2020 has underlined the need for healthcare providers to double-down on security. The recent Colonial Pipeline attack has, once again, demonstrated the vulnerability of US corporations to ransomware attacks and the significant impact to patients, businesses and our communities.

In a recent Briefings from HIPAA article, I was asked to weigh in on the 2021 Breach Barometer from Protenus. There certainly is progress being made, there are a few key takeaways from this and the latest attack for healthcare IT leaders to be aware of:

  • Fewer patients were impacted from a higher number of overall breaches according to the Protenus report. This is evidence that progress is being made in cybersecurity programs.
  • Work from home has opened new security gaps. In the rush to implement and expand capabilities in response to the COVID-19 crisis, shortcuts were possibly taken that violated security best practices. Examples include:
    • Using older laptops with unsupported operating systems
    • Permitting use of personal devices to access the corporate network
    • Loosening security posture requirements for remote connections
  • Hospitals and healthcare often lack enough qualified security professionals to perform all that is needed for a strong security posture, including patching, periodic and consistent vulnerability and penetration testing, monitoring of networks and systems, investigation of security events, and incident response. (See the NIST Cybersecurity Framework for a more complete list of essential security functions.

The recent Colonial Pipeline attack has elevated national impact due to the role of Colonial in the US critical infrastructure. Likewise, the over 400 hospitals and thousands of healthcare sites where CereCore provides IT services are also a component of the US critical infrastructure.

Cybersecurity Guides and Resources:

In support of our customer’s security efforts and all US health systems, I’ve compiled a list of helpful cybersecurity guides and resources.

I hope you find these resources helpful to protect your own organization from cybersecurity risk. If we can be of any assistance in helping your health system inventory and analyze your IT infrastructure or supplement your security efforts, our teams are available for a conversation.

Connect with Us

Sign up for our newsletters or follow us on social.

Lower Call Wait Times, Consistent Issue Resolution, and Cost Savings

Learn more about the value of outsourcing support by downloading the case study.

New call-to-action

Request a Consultation

Please fill out the form below and one of our experts will promptly respond to your inquiry

Subscribe to our Blog

Get articles and insights from CereCore.