Written by Dawn Dorr, Privacy and Security Customer Success
One thing the pandemic has taught us is that many roles can benefit from the flexibility of working from home – even in the healthcare industry. Yet as more organizations weigh the pros and cons of a hybrid workforce, many healthcare IT teams are already feeling its impact on cybersecurity.
In this post, we’ll discuss the new challenges privacy and security teams face and some best practices you can implement to ensure the security of your patients, data and organization as a whole. Let’s dive in.
What is a Hybrid Workforce?
With a hybrid workforce, some employees work in the office – or hospital – and others have the ability to work from home. In the healthcare industry, remote workers are typically administrators, technicians, telemedicine physicians, etc. The challenge for healthcare IT teams happens when they now have to maintain two entirely different environments – in-house and remote. And, with both settings, there are security protocols that must be set in place to protect the organization from cybercriminals and prevent breaches.
Facing New Cybersecurity Obstacles
The latest IBM X-Force report reveals that cyberattacks on the healthcare industry nearly doubled in 2020, with ransomware accounting for 28 percent of those attacks. Cybercriminals leveraged distracted IT teams and weak at-home security to unleash botnets, conduct DDoS attacks, and plague organizations across the U.S with ransomware.
So, how was this possible? Pre-pandemic security teams focused solely on protecting their in-house networks. But once employees shifted to their homes, they turned that focus to protecting the remote workforce. Match that with the stretching demands of the pandemic, and you have a lot of security gaps opening up with overworked security teams trying to patch them up as quickly as possible.
Now, as teams settle into either working remotely or in-house, it’s still challenging to maintain a security staff that looks one way in the office and then another way for remote employees. Plus, you have to monitor and support both at the same time. This gives cybercriminals the opportunity to make their move and incite breaches because they know most hospitals are struggling with security – especially right now.
Best Practices for Better Security
What can you do right now? First of all, you need to get everyone on the same page. Ensure your employees understand the reality of healthcare breaches and have an active role in protecting the company and patient information. Here are some additional critical tips:
Update patches: A common problem security teams face is making sure their machines are up to date with the latest software patches. Take the time to automate your patch updates, so that’s one vulnerability cybercriminals can exploit. Key tip: this goes for your remote devices, too, including phones, laptops, tablets and more.
Draw the line between personal and work devices: Always ensure work devices are connected to your company’s VPN and not public wireless networks, as those networks are typically insecure. Similarly, remind employees only to use company devices for business-related tasks. An AT&T survey of over 3,000 workers found that over half of respondents had used work devices for personal business such as online banking and downloading apps, and over a third had connected them to smart home devices.
Be vigilant about security: When it comes to cybersecurity, you need to take a proactive approach. It’s no longer a matter of if your hospital will be impacted, but when, and how you’re going to recover. Smart organizations are investing in sophisticated threat monitoring to always be ahead of their attackers and spot suspicious network activity to prevent threats. At iatricSystems™, we’ve partnered with Field Effect to offer Covalence.
Covalence delivers end-to-end threat detection regardless of whether your employees work in-house or from home for all-around peace of mind.
As the threat landscape continues to evolve and cybercriminals adjust their tactics, we want you to know that we’re right here with you. If you’d like to learn more about Covalence or any of our privacy and security solutions geared towards protecting you and your patients, contact us at firstname.lastname@example.org.