Date: 2023-05-20

Acronis explains where the weaknesses in healthcare cybersecurity lie and what protections to put in place so that healthcare facilities can protect their information systems. For criminals, protected health information (PHI) shared by patients with health care providers is more valuable than credit card numbers because medical records contain a large amount of sensitive information. The attacks launched on the healthcare sector by cybercriminals target data that can guarantee an immediate economic return. In fact, the data can be used for false invoices, blackmail and disclosure of tax information with which to obtain discounts, prescriptions and requests for medical devices.

A high risk sector

A Canalys study reports that the threat landscape will continue to force organizations to enhance their cybersecurity defenses and extend their detection and incident response capabilities. In 2023, the demand for cybersecurity services, such as consulting, outsourcing and managed services, is expected to grow by 14.1% to $144.3 billion.

MSPs and MSSPs can strengthen the security profile of a healthcare institution by protecting any potential point of compromise. Understanding where systems are weak and what protections to put in place allows providers to gain credibility in this high-risk, high-reward niche for criminals.

Poor computer “hygiene”.

Cybercriminals interested in the healthcare sector have numerous ways to infiltrate networks and wreak havoc. Seven pain points identified by Acronis allow for theft of patient data and expose organizations to fraud and fines.

Limited budgets. Scarcity of funds is a major cause of weak cyber defenses. More than half (53%) of healthcare facilities invest less than 10% of their budget in technology.

The weaknesses in cybersecurity

Shortage of IT staff. A limited budget often means fewer personnel dedicated to auditing, preventing and recovering from a breach. The scale and complexity of security attacks are driving healthcare providers today to delegate these responsibilities to IT professionals, that is, to people better qualified to manage the necessary defense measures to ensure patient data privacy and compliance with regulatory standards, such as the Health Insurance Portability and Accountability Act (HIPAA).

Legacy systems. Outdated systems can be too expensive to upgrade or have compatibility problems. Lack of manufacturer support often also means lack of up-to-date security patches. Here are three actions MSPs can immediately take to avoid potential risks from legacy systems:

o Reduce the number of versions and vendors of software products.

o Segment networks. For example, take vital equipment and similar devices off the Internet to isolate an attack or incident.

o Create a flowchart with specific responsibilities for the Security Operations Center (SOC).

Compromised medical devices

Internet of Medical Things (IoMT). One of the main points of vulnerability consists of devices connected to cloud platforms on which patient data is stored and analyzed. An IBM study identifies between 10 and 15 connected devices on average for each hospital bed. Compromised medical devices can endanger patient safety and privacy, as well as expose entire segments of users who use these services.

Piecemeal security architecture. Healthcare providers typically rely on several dedicated and specific security solutions. Often these disparate systems prevent MSPs from identifying potential causes of attacks and, consequently, from fixing vulnerabilities before cybercriminals access sensitive data or distribute ransomware.

Poor training

Phishing scams. Users are one of the weakest points exploited by cybercriminals. Lack of staff awareness of the risks associated with email and websites can be devastating for healthcare professionals. The US Department of Health and Human Services (HHS) is currently investigating hundreds of cases associated with phishing and hacking.

What are the weaknesses in the cybersecurity of healthcare facilities

Ransomware. Medical institutions are very attractive targets, because the administrators are highly likely to pay the requested ransom. A report published in Security Magazine points out that healthcare providers often give in to ransom demands easily. This is to avoid potentially impacting patients’ lives if they are unable to access their records or medical devices connected to the Internet.

Priority to security checks

Just as people are advised to engage in regular physical activity, healthcare institutions are also required to monitor the health of their systems. To improve the health care industry’s security profile, HHS encourages an organization-wide risk analysis and a set of best practices that include continuous vulnerability scans of all systems and devices.

Every organization has to prioritize security checks, both basic and advanced. These include intrusion and threat detection systems, multi-factor authentication, data-at-rest encryption, and endpoint and device monitoring. In all of these areas, MSPs and MSSPs can offer strategic support.

The basic checks for vulnerabilities in cybersecurity

antivirus;

file/data backup and restore;

data loss prevention;

e-mail/web gateway;

encryption for files at rest/stored/in transit;

firewall;

incident response plan;

security policies, procedures and awareness;

vulnerability management;

MDM (mobile device management) systems.

Advanced security checks

anti-theft devices;

business continuity and disaster recovery plans;

digital forensic data;

multi-factor authentication;

network segmentation;

penetration testing;

threat intelligence sharing;

vulnerability analysis.

The weaknesses in cybersecurity

It is imperative that healthcare providers continue to invest in IT infrastructure to protect patients’ personal information and ensure compliance with all regulatory requirements. MSPs and MSSPs play a vital role by identifying and remediating system vulnerabilities, so that their customers are always optimally protected. Every organization needs to deal with cybersecurity proactively rather than reactively.

Backup and disaster recovery solutions

Partnering with Acronis provides MSPs and MSSPs with these capabilities. Cyber Protect Cloud, for example, detects and blocks ransomware with the Active Protection feature, while Acronis backup and disaster recovery solutions can quickly bring healthcare facilities back to full operation if systems are compromised.