Threat brief outlines steps to improve computer security in health care.
Health care systems must continue bolstering their cyber postures, the overall strength of organizational cybersecurity, according to the federal Department of Health and Human Services (HHS).
The cyber posture includes protocols for predicting and preventing cyber threats, and the ability to act and respond during and after attacks, said “Strengthening Cyber Posture in the Health Sector.” It is the latest threat brief published June 16 by HHS’ Health Sector Cybersecurity Coordination Center (HC3), which works with HHS’ Office of Information Security and the federal Cybersecurity & Infrastructure Security Agency (CISA).
The health care sector remains a popular target for cyberattacks because of the amount of data and relatively vulnerable computer systems, according to HC3. The cyber posture threat brief cited reports from the law firm Baker Hostetler, which published its “2022 Data Security Incident Response Report” in April, and the nonprofit analyst CyberPeace Institute, which in March 2021 published “Playing with Lives: Cyberattacks on Healthcare are Attacks on People.”
HC3 advised the following steps to strengthen an organization’s cyber posture:
HC3 offered ways to reduce the likelihood of a cyber intrusion:
CISA offers free tools and services to increase cybersecurity. The federal Office of the National Coordinator for Health Information Technology also has a security risk assessment tool to conduct security risk assessments as required by federal rules and agencies including the Centers for Medicare and Medicaid Services.
Beginning in 2020, there was a noticeable increase in the number of phishing and social engineering attacks that attempted to divert, or successfully diverted, wire transfers direct deposits and automated clearing house payments, according to the Baker Hostetler report. The firm reported that shift started in 2020 and continued last year.
Baker Hostetler offered its top five tips to prevent fraudulent transfers: