Cybersecurity in 2022: What you need to know

Healthcare is the center of attention right now. Unfortunately, hackers are taking notice too.

July 22, 2022 | The Coffey Team

The healthcare industry experiences cyberattacks more often than any other industry. Hospitals, labs, pharmaceutical companies and insurance providers are common targets. These systems are loaded with sensitive information—and the cost of a data breach is high. Healthcare companies incur an average of $9.23 million in costs per breach, according to IBM’s 2021 Cost of a Data Breach Report.

The industry is fighting back. From 2020 to 2025, healthcare entities are expected to spend $125 billion on cybersecurity. But the key to successful action is understanding the challenges and how the situation is evolving. Here are a few things to keep in mind.

COVID-19 and the current state of cybersecurity

Telehealth and remote working mean that networks have many endpoints outside the enterprise firewall. Even under the best of circumstances, this can make a network more vulnerable. But it’s even more complicated since phishing is a favorite tool of hackers.

Employees are urged to be on the lookout for phishing. But providers and staff are stretched thin. And phishing messages look more legitimate than ever. It’s a dangerous situation that can easily give hackers access to an entire network.

Many hackers aren’t satisfied with gathering data. Ransomware attacks are becoming more popular. Extortion happens in about half of these incidents. The new trend is disabling restoration platforms in order to increase the pressure for institutions to pay up.

It has the makings of a disaster. But it doesn’t have to be.

How to defend against cyberattacks in 2022

A solid cybersecurity plan starts with experts who specialize in this field. However, staffing itself can be a challenge, especially outside of metropolitan areas. For many organizations, cybersecurity is a new area—and therefore without a budget, structure or resources. It can be daunting.

However, protecting your organization calls for both enhanced technology and common sense. Here are steps to consider:

  • Train employees. IBM found that 95% of data breaches are caused by human error. It can be hard to train during a staffing shortage, but many organizations are opting for firsthand experience. They’re creating their own phishing emails to show employees how easy it is to be fooled. The system then takes users to educational content, like a video.
  • Revisit passwords. Complex passwords make a difference. Mandate changing passwords frequently. Consider implementing two-factor authentication.
  • Invest in infrastructure. Start with an endpoint detection and response (EDR) platform. It secures end devices. Free EDR tools are available, but hackers often reverse engineer them. So it’s a good idea to purchase stronger protection. The next step? A security information and event management (SIEM) platform to monitor EDR data, identify risks and prevent damage. Finally, consider a mobile device management (MDM) platform. It will overlap with the EDR and allow IT to lock down USB ports on devices to protect data. It can also wipe devices remotely.

Additional steps you can take for both remote employees and those in the office include:

  • Ensure endpoint protection (antivirus) is updating at least daily.
  • Ensure the device firewall is enabled.
  • Ensure the OS and web browsers are up to date.
  • Whether on the road or at home, only connect to secure wireless (WPA or WPA2).

Cybersecurity is equally important for your external website, which includes monitoring the site and auditing third-party plugins for vulnerabilities that may be present. Contact us by email or phone to sign up for a free audit of your website.