Posted in Breaches

Healthcare cyber threats require the right security pros

Chris Nerney
Chris Nerney, Contributing Writer |
Healthcare cyber threats require the right security pros

Have you received an email recently from the Internal Revenue Service (or FBI) about your filing status, or a refund, or to confirm personal information such as your Social Security number?

Hopefully you checked the sender’s mail address and looked carefully at any enclosed links before clicking on them, because that email probably is a phishing attempt.

The IRS scam is just one of many emerging attempts by cybercriminals to steal data, extract ransoms, or simply do damage to IT systems, as Healthcare IT News Editor-in-Chief Tom Sullivan writes. Healthcare networks have been favorite targets of cybercriminals in recent years, with ransomware emerging as a particularly dangerous threat.

The latest reported victim is a Delaware-based oncology group that on July 7 discovered a ransomware attack that had begun three weeks before and exposed the records of more than 19,000 patients. And while the facility found no evidence that any patient files were accessed or compromised, it had to hire an outside forensics team to help recover data and ensure the system was clean of ransomware, while also investing time and resources into bolstering security.

As digital threats against healthcare providers proliferate, cybersecurity must become a top priority. That starts with finding the best people to do the specific task required.

“Healthcare organizations hiring entry-level and senior security professionals should have certain abilities and areas of expertise in mind when studying job candidates, knowledge that differs based on the level of the job,” writes Bill Siwicki, managing editor of Healthcare IT News.

Bret Fund, co-founder of SecureSet Academy, a cybersecurity education organization, tells Siwicki, “For entry-level cybersecurity roles, candidates need to understand networks, applications, devices and how to secure them. “Differences will come once they’re in a role. In finance, for example, you’re looking through transactions and reviewing payment gateways. In healthcare, your focus changes to ransomware, exfiltration of data, and device security on a large scale.”

Fund also says the security challenges facing healthcare providers are so unique that organizations seeking to fill high-level IT security positions favor direct experience in the industry.

“Given the choice between a senior security leader from a large tech company and a senior security leader with healthcare experience, hospitals will choose the healthcare background because the job requires a deeper understanding of the implications of breaches,” he says.