How Health Care Providers Can Thwart Cyber Attacks (Part 1)
This is an excerpt from the paper “How Health Care Providers Can Thwart Cyber Attacks”, focused on the Key Messages and the MSK case study.
BCG — Boston Consulting Group
By Michael Coden and Mike Czumak
Edited by Joaquim Cardoso
July 27, 2021
Credit to the image: MSK Imaging Center
- The number of cyber attacks on health care systems has reached epidemic proportions.
- Health care providers and hospitals should focus on six primary threats: (1) Hacking; (2) Phishing; (3) Malware; (4) Espionage; (5) Compromised Accounts; and (6) Unauthorized Data Disclosures.
- Five Steps to Take Immediately:
  - Determine and prioritize the most critical data and cyber-physical assets.
  - Assess the risks and determine the key actions for reducing them.
  - Educate and render risky employee cyber behaviors “irrelevant.”
  - Develop crisis management and cybersecurity incident response teams.
  - Conduct tabletop exercises (TTXs).
- To ensure their systems are protected from cyber threats over the long haul, hospitals need to consider six strategic imperatives:
  - Design cybersecurity measures into systems from the start.
  - Ensure continued IT system hygiene and governance.
  - Map the cybersecurity strategy to the business strategy.
  - Scale systems safely and cost-effectively.
  - Assume an attack is inevitable.
  - Prepare for simultaneous disasters.
The MSK Case
Memorial Sloan Kettering Cancer Center (MSK) has implemented a number of technical controls to address each step of a ransomware or malware attack.
Other hospitals can similarly adopt these actions, which include (among others):
- email protections,
- multifactor authentication (MFA),
- privileged access management (PAM),
- advanced malware prevention,
- network security,
- data activity detection, and
- enterprise security information and events management (SIEM). (See Exhibit 1.)
About the authors
Managing Director, BCG Platinion
Chief Information Security Officer, Memorial Sloan Kettering Cancer Center
Originally published at https://www.bcg.com on April 14, 2021.
PDF of the full version: https://joaquimcardoso.blog/media/c79d76537f0bd0ec6e02ac192a51c298