Let’s explore each of these critical topics.
Start with Vulnerability Assessments
Vulnerability assessments are a core component of any cybersecurity program. These automated tests rapidly scan every system and device reachable on a network and probe each one for known vulnerabilities: missing patches, weak configurations, default credentials and the like. Because a scanner reports only what it already has a check for, and only on hosts within its scope, keep the scan scope current and, where possible, use authenticated scans so the scanner can see what is actually installed rather than guessing from the outside. Healthcare providers should run these scans on a quarterly basis to gain insight into the current state of their networks.
Simply running vulnerability scans is not, however, sufficient to protect your network. Every scan I’ve ever run has reported at least one vulnerability that required remediation. Providers must allocate the time and resources to prioritize and fix the issues raised by scans, and then confirm on the next scan that each finding is actually gone; a finding that reappears quarter after quarter is a sign that scans are being run but not acted on.
Build on Vulnerability Scans with Penetration Testing
Penetration tests go beyond the high-speed automation of vulnerability scans and put skilled human testers, working the way real attackers would, into the equation. While a vulnerability scan can identify that a printer has a known vulnerability, a penetration test can tell you whether that vulnerability is actually exploitable in your environment and whether it can serve as a pivot point in a chain of steps that eventually compromises your electronic health record system.
I recommend that organizations perform two different types of penetration testing on an annual basis. External testing helps you understand what your exposure is to the outside world. It identifies the vulnerabilities and techniques that a hacker located anywhere in the world can leverage to gain access to your networks. Internal testing helps you understand what an insider, or someone who has stolen an account belonging to an insider, can accomplish. Both provide you with important insight into the state of your cybersecurity controls.
Prepare an Incident Response Playbook
Unfortunately, things go wrong, and even the best-defended organizations sometimes suffer security breaches. That’s when a well-designed incident response playbook can contain the damage caused by a breach. Think for a moment about how you would react if the fire alarm sounded in your building. You would know exactly what to do. You’d quickly leave your office, lock the door and proceed to the parking lot to gather with your coworkers and wait for emergency responders to arrive and assess the situation. Do you have a similar response organized for your next cybersecurity breach, or would chaos reign?
Incident response plans ensure that you bring calm, rational thinking to times of crisis. They provide step-by-step procedures for activating a cybersecurity response team and for containing the damage caused by an incident: who declares an incident, who gets called (including after hours), how to isolate affected systems without destroying the evidence needed to understand what happened, and who speaks to patients, regulators and the press. Make sure that you not only have a current incident response plan but that you’ve also trained your personnel on their roles and that you test it regularly. Run incident response exercises periodically, from tabletop walk-throughs of a realistic scenario to full drills, just as you run fire drills.
We’re all focused on providing excellent patient care and protecting the privacy and security of patient information. Running quarterly vulnerability scans, annual penetration tests and periodic incident response drills, and acting on what each of them reveals, goes a long way toward providing that protection to the best of our ability.