Hospitals are becoming a tempting target for cybercriminals, and cybersecurity agencies have issued advice on ensuring hospital computer networks are protected against cyberattacks.
Fremont, CA: The size of hospital networks, the importance of keeping the PCs on those networks operational, and the huge proportion of healthcare-related computer systems left running on unsupported operating systems mean that securing hospitals against cyber fraud is increasingly complicated. Hackers are taking advantage of this, either to distribute ransomware or to attempt to steal sensitive data about patients. To tackle the growing threat cybercriminals pose to hospitals, especially as medical networks depend more on the Internet of Things and connected devices, the European Union Agency for Cybersecurity, ENISA, has issued advice on improving cyber defense for hospitals. Here are four practices that are recommended for making the health sector more resilient to cyberattacks.
1. Implement a vulnerability identification and management process: In an imperfect world, there are various products out there that contain vulnerabilities, known or as yet undiscovered. Putting a strategy in place to manage vulnerabilities throughout the entire lifecycle of a device can help the security team keep control of potential security worries.
2. Involving the IT department in procurement: Although it sounds simple, involving the IT department in procurement from the very beginning ensures that cybersecurity is considered at every step of the technology procurement journey. Recommendations can be made as to how the new technology fits in with the existing network and what additional security measures might be needed.
3. Enhancing security controls for wireless communication: Access to a hospital's network must be kept limited with tight controls, meaning that the number of devices connected must be monitored and known, in order to identify any unexpected or unwanted devices attempting to gain access. It is recommended that non-authorized personnel should not have any access to the Wi-Fi and that network passwords should be strong.
4. Establishing testing policies: Hospitals acquiring new computing products should establish a minimum set of security tests to be performed on new devices added to their networks, including penetration testing as soon as a device is added to the network, to take into account how hackers could attempt to abuse it.