Thursday, January 07 | Thought Leadership, Post-Acute Care, Human Services

Cybersecurity in Conversation: Experts Answer Must-Know Questions

By Netsmart

With over 45%1 of ransomware attacks targeting healthcare organizations, it is imperative that you take proactive measures to ensure you don’t become part of this statistic. 


To help bolster your organization’s cybersecurity strategy, Netsmart hosted the webinar Cybersecurity in Healthcare: Assess Threats and Reduce your Risk. 


In this interactive conversation, industry insiders Randy Pargman, Binary Defense senior director of threat hunting and counterintelligence; Sharon Hicks, MBA, MSW, OPEN MINDS senior associate; and Mike Murray, Netsmart director of Plexus Technologies, answered audience questions about the threat landscape and shared strategies for risk mitigation. 


Below, these experts unpack the most-asked audience questions. 


If I have multi factor authentication (MFA) and up-to-date antivirus, do those measures protect me from most cyberattacks?


Regardless of MFA protocols, logged in users are a vulnerability. MFA alone doesn’t solve for the risk of a credentialed user making an error that ushers a cyber attacker into your network. Once these intruders gain access, they can move laterally across your network if not identified quickly.   


Cyber attackers commonly ensure their email phishing attempts include a malware tweak that is undetected by antivirus, a threat known as a zero-day attack. Since antivirus only protects against known malware, cyber criminals targeting healthcare agencies can commonly bypass antivirus security.


Pargman points to the value of using a 24/7 Security Operations Center (SOC) where expert security analysts quickly catch and identify any risks or irregularities in user behavior. With continuous, 24/7 professional monitoring, an attack can be identified and contained before complete system penetration and an ensuing lockdown. 


With the majority of cyberattacks occurring on weekends or after traditional business hours, it is vital that your organization implement Managed Detection and Response (MDR) software for around-the-clock protection.


For small providers with equally small budgets, what do you recommend in terms of security strategies? 


For Murray, conducting an IT security risk assessment is important, as it provides visibility into current vulnerabilities. By conducting an analysis, organizations can then direct funds to protect the most vulnerable points. This helps leadership invest in strategies that will have the greatest impact on securing their data, rather than spending valuable budget on strategies that don’t mitigate your highest risks. 


Murray also heralds the value of education. “Education doesn’t cost a lot—educating teams about best practices for password and email security is truly invaluable.” By educating staff, organizations can shore up behavior-based vulnerabilities, adding a foundation of protection. 


If an organization outsources IT or their electronic health record (EHR) is hosted by a third-party cloud provider, what are the partner’s responsibilities if there is a breach? 


Hicks advocates for confirming your legal and business associate agreements (BAA) have liability written into the contracts before agreeing to a partnership. She added, “From a legal perspective, make sure that, regardless of what is going on, [your partner] is in the same boat with you.” 


Working with a cloud services provider experienced in hosting healthcare data is a must. This partnership provides an extra layer of security for your data if an attack occurs on an endpoint. While a breach across endpoints would devastate an organization and could interrupt the continuity of care, the impact of a HIPAA-related data breach would most likely be contained by your hosting provider’s security measures. 


With so many people working from home due to the pandemic, how can I ensure my remote workforce is accessing the network securely?


Organizations are encouraged to leverage a virtual private network (VPN) and other similar security solutions for remote users. Murray underlines the importance of frequent software updates to these solutions to ensure the latest security patches have been applied. He also urges organizations to do their research and bypass VPNs that don’t leverage multi-factor authentication (MFA). 


Murray again stresses the importance of visibility, particularly with a remote workforce. Home computers are a point of vulnerability. The best practice for remote users is to provide associates with company-issued devices. “Without this type of visibility and control, you’re going to be completely surprised when you find out your patient records were sold on the dark web, and you didn’t know you had a breach.”


With threats of cyberattack only increasing, it is vital for healthcare providers to build strategies to protect invaluable data. By starting with a foundation of education, providers can disseminate knowledge among staff, ensuring a collective approach is taken toward cyber security. 


To hear the entirety of this dynamic conversation, listen to the webinar here.


1 Beazley Breach Briefing, 2018


Meet the Author

Netsmart - color - PNG
Netsmart ·

From the CareThreads Blog

Webinar Recap: What’s Next for MCOs After EVV Compliance

Wednesday, September 28 | Value-based Care,Thought Leadership

As the upcoming EVV compliance timeline is quickly approaching, we thought it would be interesting to discover how the initial phase and implementation of EVV has affected managed care organizations (MCOs), and their provider networks. This blog recaps a recent Netsmart webinar that addressed the details of this topic with the talented Dr. Melissa Berdell, Director Fraud, Waste and Abuse at Highmark Wholecare.


Question, Persuade and Refer: The Importance of Suicide Prevention Training 

Wednesday, September 21 | Human Services

By understanding mental health and suicide go hand-in-hand we can take the first step in reducing suicide risk and help heal our families, friends and loved-ones heal and grow forward as a community.

CareThreads Blog Stock Image for SiteCore (370 × 158 px) (1)

Part 5: Current State of Peers in the United States - Demographics and Economic Impact

Monday, September 19 | Human Services,Thought Leadership,Value-based Care

In our most recent blog, The Role of Peers and Mutual Support in Alcoholics Anonymous, we discussed the fascinating history of Alcoholics Anonymous and its contributions to today's health care continuum. Evolving in parallel to the mental health peer movement, AA and its affiliate organizations, e.g., Narcotics Anonymous came to identical conclusions about the unique value of mutual support. Join Denny Morrison, as he unpacks how often peers are used, how they are credentialed and how they affect the economics of health care in the United States.