Home - Article

Featured Article

March 04, 2020

10 Hospital and Healthcare Cybersecurity Best Practices


We’ve been warning hospitals and healthcare organizations since before 2016 that they are major targets of cyber criminals. In 2016 the costs for these attacks was $6 billion and it has only grown worse since then. Just last year we broke the news a total of ten global hospitals were hit with ransomware at once! If this is not an ominous sign of the need for enhanced security in this sector, we don't know what would be.

Here is our list of Hospital and Healthcare Cybersecurity Best Practices:

1) Be alert… New threats arise by the day and the only way to keep from becoming a victim is to understand that hackers are always looking for vulnerabilities. Just today in fact the FDA warned of potential cybersecurity weaknesses in bluetooth low energy medical devices.

2) Understand the weakest link in cybersecurity is often the person using the equipment. Phishing scams are rampant and a great way to hack into computers, networks and medical equipment. The best way to reduce this risk is with team cybersecurity training as well as ongoing phishing simulation.

3) Keep equipment and software patched… Organizations need a policy that describes what percentage of their systems are kept patched. Typically, 100% is not feasible due to interference with work schedules as well as the potential for patches to interfere with other programs. Set a number that works for your organization ad stick to it.

4) Understand that as a medical worker, you are on the frontlines of protecting the most valuable information there is… PHI which commands a hefty price on the dark web. A cybersecurity culture must permeate your organization.

5) Understand ransomware attacks on healthcare facilities are more likely to be paid because of the real-time nature of what you do. See #2 for how to combat the threat.

6) BCDR or business continuity disaster recovery solutions are crucial for every organization as there is large a chance you will be a victim of a hack or some sort of outage. These solutions allow your healthcare facility to function – even if primary servers are disabled.

7) Remember, internal threats are a potential problem for all organizations but the high value of PHI means there need to be controls in place – perhaps an MSP or MSSP which you work with to ensure another set of eyes are on your systems to reduce the risk of an internal data theft incident.

8) Bring in outside companies to audit and document as well as pen test – ideally, this should be done bi-annually or quarterly.

9) Encrypt information at rest – if you do this, even if a breach occurs, it is likely the data stolen is of little use to the attacker.

10) Audit and log everything you can because if you do get breached, you will need this information to find out what happened.

For quality, reliable IT service, cybersecurity and tech support in Manhattan, New York, Connecticut and beyond, contact 5-star and award-winning Apex Technology Services and keep your organization protected. Please contact us for more information and learn how we can help your organization stay secure.





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!