Amid heightened cyber-threats, healthcare providers should reinforce four fundamental security routines Credit: Andrey Popov / Getty Images Three federal agencies – the FBI and the Departments of Homeland Security and Health and Human Services – issued a security alert for hospitals last week that they have credible evidence of an increased and imminent cybercrime threat to U.S. hospitals and health systems. The call to action is for the entities to protect their network infrastructure from these threats immediately. Last week, ransomware hit six hospitals that took their systems down. These six hospitals have openly shared the incident, but we do not know how many other hospitals were also affected. The following four routines should be fundamental to every healthcare institution. Over-communicate CIOs and CISOs must devote their effort to over-communicate in the upcoming weeks on the security announcements, emphasizing organizational vigilance. Christiana Care, CISO with Anahi Santiago, worked profusely on sending out multiple enterprise communications focused on situational awareness and calls of action for IT and hospital operations. She has also partnered extensively with her enterprise storage vendor on preparedness and response. Back up appropriately Health systems have invested a large portion of their budget in state-of-the-art backup automation tools. The key is to test the backup regularly while practicing restoring data regularly. College of Healthcare Information Management Executives (CHIME) reminded their members about the 3-2-1 backup rule: Ensure that you have three copies of your data (your production data and two backup copies) on two different media with one copy off-site for disaster recovery. Update and patch Ensure that all servers, workstations, and security tools have the latest updates and patches. Prioritize the highest risk areas and do not lose sight of the remote workforce. Organizations are promoting the virtual workforce, and that also means IT security will follow your employee as they are shifting the work environment and connecting to your enterprise assets from anywhere. Cyber insurance Having a cyber insurance policy is a prerequisite for all healthcare organizations. Ensure that the insurance policy covers the different attack scenarios and, most importantly, as an institution, decide early on whether the strategy is to pay the ransom if attacked. The majority of healthcare CISOs prefer not to pay if the choice is theirs. Hospital and health system leaders must emphasize the importance of information security with the same priority as handwashing. Organizations must also practice their downtime process routinely vs. the typical once-a-year exercise. As clinicians work and live in the digital world, they may not remember or even know how to practice medicine during downtime using paper. Related content opinion Generative AI in enterprises: LLM orchestration holds the key to success In the dynamic landscape of AI, LLMs represent a pivotal breakthrough. Unlike traditional AI, which demands frequent data updates, LLMs possess the ability to learn and adapt in real-time. This mirrors human learning and positions LLMs as essential f By Shail Khiyara Dec 06, 2023 10 mins Generative AI Artificial Intelligence opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security opinion Illuminating the black box: why CIOs should consider publishing an annual IT report Publishing an annual IT report allows CIOs to offer visibility into operations and execution through a business value lens. Utilize this formula to reclaim control of your IT narrative. By Michael Bertha and Duke Dyksterhouse Nov 15, 2023 10 mins CIO IT Leadership opinion How the new AI executive order stacks up: B- The executive order represents a step in the pivotal regulation and advancement of AI in the United States. However, it has its challenges and ambiguities, which warrant further scrutiny and refinement. By Rudina Seseri Nov 09, 2023 6 mins Government Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe