2021 Security Review: Key Takeaways & Practical Cybersecurity Insights

In a recent virtual meetup Healthcare IT Today did with Proofpoint, we took a look back at the year that was 2021 when it comes to cybersecurity.  The speakers shared some of their key takeaways and learnings from this last year and offered some practical insights for healthcare CISOs and CIOs that are looking at how they can improve their cybersecurity efforts.

While we’re not able to share the entire event, we wanted to highlight a number of the insights and perspectives that stood out at the event.

Insight #1

Many healthcare organizations still need to do basic security hygiene.  While we like to talk about the latest and greatest in IT security, many organizations would benefit from stepping back and doing some of the basic security efforts they still haven’t done.  Ryan Witt, Managing Director, Industry Solutions Group and Resident Healthcare CISO at Proofpoint, shares a few of what those basic efforts might be.

Insight #2

While we often talk about security solutions, Drex DeFord, Executive Healthcare Strategist at CrowdStrike, shared that one of the best things healthcare organizations can do to secure their environment is to clean up their aging and often randomly pieced-together infrastructure.

Insight #3

DeFord went on to explain that everyone’s security efforts have limits.  This is why he suggested it’s important to have good health IT governance so you are able to say No to good security efforts which will then allow you to say Yes to great security efforts.

Insight #4

One of the most interesting insights from Witt was an observation that healthcare security may be suffering from the unintended consequences of meaningful use.  Very little of meaningful use was focused on security.  Now, we’re a bit behind the eight ball in that regard.

Insight #5

Witt also shared where most of the money is lost when it comes to cybersecurity.  Plus, he highlighted how deeply focused cyber criminals are on the monetization angle.  One of the themes of the discussion was that business email compromise is one of the easy ways to exploit these monetization angles.  For example, it’s much easier to train someone to review LinkedIn to execute a business email compromise attack than it is to train someone on network protocols in order to hack your network.

Insight #6

DeFord carried this one step further, suggesting that attacks have gotten much more sophisticated as the attackers have become more corporate and the compromises more lucrative.

Insight #7

Another area where cybersecurity has evolved is efforts to compromise someone’s credentials.  Witt described compromising a user’s credentials as the nirvana of healthcare security compromises.  He’s right since once your credentials are compromised, attackers can quickly breach the network without people noticing.  Plus, they often sit on those credentials and quietly learn the best way to compromise your organization.

Insight #8

As we wrapped up the event, Witt summarized one of the key strategies every healthcare CIO and CISO should be thinking about in their cybersecurity plans.  He observed that attackers are really targeting their attacks, and we as a healthcare organization need to better target our defenses.  Not every person and not every email address has the same risk.  Healthcare leaders need to gain access to the right data that will help them prioritize and focus their security efforts.

We’d love to hear your thoughts in the comments and on social media with the hashtag #HITsm.  What did you think of these insights and perspectives?  What would you add to them?

Learn more about Proofpoint: http://www.proofpoint.com/healthcare


About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.
