Cyber security in Healthcare

Healthcare organisations have increasingly been targeted where initial attacks commonly go unnoticed.  It is no surprise to many hospitals lack new technologies and best practices to defend against such threats which is what makes them the perfect victim.

This can leave organisations vulnerable to losing highly sensitive information, costing you time, money, patient satisfaction, and valuable resources.


Cyber-attack’s have been seen to lock staff out of their computer systems, resulting in many hospitals having to cancel or delay treatment for patients.  I’m referring to the recent Ransomware attack that affected many British National Hospitals.  This is only one method of a Cyber attack and there will be a steady increase i imagine.


I’m keen to encourage organisations to move to the cloud it is important for me to educate organisations especially healthcare organisations to make them aware of the risks so I can help them identify and reduce threats to data security and privacy across their infrastructure.


Devising a framework is the first step to help protect devices, Operating systems and sensitive data against ransomware attacks, malware and cyberattacks.


With the steadily increasing attacks on the public sector it is vital that the patients and healthcare users can be confident that their information is protected from such cyberattacks.


3 B’s is a strategy i use to focus my efforts around that include:


Block – The first point of defence is to block attacks that reach your perimeter.  Tools such as Exchange Online Advanced Threat Protection (ATP) & Microsoft Active Protection Service (MAPS).  By enforcing these technologies you raise the complexity for cyber attackers and can prevent breaches.


Barricade – In the event an attack gets past your perimeter it’s critical where possible to contain the attack.  To protect administrative access you can leverage Secure Privileged Access (SPA) as well as using Windows Defender as the anti-malware capabilities for real-time analysis and response.


Backup  – In an effort to ensure business continuity it’s important to ensure correctly configured backups are in place where Microsoft can further protect in their own datacentres rending the data inaccessible to attackers.


Healthcare often measure their IT strategy based off their local regulatory compliance check list however it’s about time they go beyond the compliancey checklist and expand into the following areas to help mitigate vulnerabilities and risk:


This list has been extracted from Microsoft and serves as a best practice framework to measure the Cybersecurity plan within the public sector or healthcare organisation:


  • Develop a “where used” matrix (“Do you know where your data is?”)
  • Employ a data backup and recovery plan for all critical information
  • Perform and test regular backups and isolate critical backups from the network □ Include recovering from a cyberattack in disaster recovery plans
  • Use a different communication mode if breached (hackers may be listening on the current system)
  • Employ an end-to-end data encryption strategy; control your encryption keys □ Ensure business associates are working with your security and compliance needs
  • Employ analytics in your security (behavioural, machine learning, partner information, advanced □ threat analytics) □ Work to minimize “Shadow IT,” still a major challenge □ Whitelist apps to help prevent malicious software and unapproved programs
  • Keep software up-to-date with the latest patches and support
  • Keep anti-virus software current □ Apply the “least privilege” principle to all systems and services
  • Educate users, patients, affiliates, and others
  • Restrict permissions to install and run unwanted apps