By Andrew Hollister

Despite being more than two months removed from a severe ransomware attack, the CommonSpirit Health system is feeling the ramifications of the breach. In November 2022, the hospital chain appointed a new CIO to refocus the organization’s security strategy and, in early December 2022, CommonSpirit confirmed that patients’ personal information was leaked as part of the incident.

News of ransomware attacks on healthcare facilities around the globe are appearing on a weekly—if not daily—basis. These threats have posed security questions for industry leaders, many of whom are using the recent breaches at CommonSpirit, and related incidents, as an opportunity to reevaluate their own organization’s security posture.

Safeguarding lives and protecting patient data in healthcare security environments is a constantly evolving challenge. The maturity of a healthcare organization’s security operations center (SOC) plays a critical role in protecting patients and their data.

Here are a few of the key considerations for healthcare SOC teams amid the rise of cyberattacks across the industry:

Protecting Patient Privacy

Patient health records, home to a wealth of extremely sensitive personal data, are worth more on the black market than any other data, which makes protecting electronic health records (EHRs) a top security priority. Many organizations have multiple EHR systems that communicate and integrate with other clinical systems, such as imaging, pharmaceutical, anesthesiology, and telehealth.

While technology is available to detect violations associated with EHRs, these systems are often outdated or incapable of monitoring data in real time, which presents a host of compliance challenges. As outlined by the Health Insurance Portability and Accountability Act (HIPAA), compromised data can quickly impact reputation and revenue, making it imperative for organizations to detect and respond to attacks in a timely manner.

Healthcare Specific Protection

Each industry has general indicators of compromised data, but healthcare organizations need quality data that is specific to their environment to help reduce the time it takes for healthcare SOC teams to detect and respond to threats.

A strong, healthcare-specific intelligence source ensures that organizations can detect the latest industry attacks, threats, and motives targeting healthcare. It can be used proactively to detect attacks as they happen, as well as reactively to vet if a facility has already been compromised. There is no better threat intelligence than an organization’s own data and in reviewing those assets, organizations can easily detect and respond to deviations from normal behavior.

Securing Telehealth Systems

In a perfect world, telehealth initiatives would all be consolidated under a single vendor, but oftentimes, these initiatives are outsourced to different cloud or managed services providers. Gaining full oversight of telehealth initiatives is the top challenge in protecting patient data with the second being authentication and access controls.

Whether telehealth solutions are housed in the cloud or on-premises, the network and the services must be monitored in real-time from a centralized point for an organization to best protect its systems.

Defending Devices

The healthcare IT (HIT) environment is growing increasingly complex due to the rising number and variety of medical devices, many of which represent blind spots on the network. With devices governed by contracts and HIPAA agreements, it can be difficult for organizations to know whether vendors are actually adhering to information security best practices.

Healthcare systems must have the ability to monitor network-connected medical devices, which requires complete visibility to ensure that every device is monitored and can be tied into the network access control system.

Setting Up for Success

Given the slew of recent cyber threats, now is the time for healthcare systems to revisit their security strategies. Healthcare systems are faced with the unenviable task of balancing budget allocations between patient care and cybersecurity, but it is important for executives to view investments in security as a means of supporting systemwide care objectives.

Security fundamentals may be overlooked inadvertently but ultimately remain paramount to providing the groundwork for a strong security posture. Basic security measures—practicing cyber hygiene, patching regularly, backing up data, and managing assets—can be challenging in hospitals with so many systems and disparate devices, but are crucial for risk mitigation.

Security Information and Event Management

Adopting a Security Information and Event Management (SIEM) platform can go a long way toward protecting patient data, securing medical devices and telehealth systems, and ensuring that security teams are prepared to respond when a security event occurs. A SIEM platform can offer broader network visibility, allowing security teams to see real-time traffic across the IT environment and help bridge detection and response for threats by correlating that with health records violations and other healthcare operational technology, such as medical devices and physical security.

The sensitive data held by healthcare organizations represents a natural target for ransomware gangs and other bad actors. Although the threat of cyberattacks will persist, there are steps that can be taken across the industry to help protect against such attacks and offer remediation in the case that disaster should strike, all without sacrificing quality of care.

Andrew Hollister is chief security officer of LogRhythm. Questions and comments can be directed to [email protected].