How Memorial Sloan Kettering (MSK) implemented controls to address a ransomware or malware attack.

How Health Care Providers Can Thwart Cyber Attacks (Part 1)

This is an excerpt from the paper “How Health Care Providers Can Thwart Cyber Attacks”, focused on the Key Messages and the MSK case study. 

BCG — Boston Consulting Group
Michael Coden and Mike Czumak
Edited by Joaquim Cardoso
July 27, 2021
Credit to the image: MSK Imaging Center

Key messages

  • Health care providers and hospitals should focus on six primary threats: (1) Hacking; (2)Phishing; (3) Malware; (4) Espionage; (5) Compromised Accounts; and (6) Unauthorized Data Disclosures
  • Five Steps to Take Immediately:
  1. Determine and prioritize the most critical data and cyber-physical assets
  2. Assess the risks and determine the key actions for reducing them
  3. Educate and render risky employee cyber behaviors “irrelevant.”
  4. Develop crisis management and cybersecurity incident response teams.
  5. Conduct tabletop exercises (TTXs).
  • To ensure their systems are protected by cyber threats over the long haul, hospitals need to consider six strategic imperatives:
  1. Design cybersecurity measures into systems from the start
  2. Ensure continued IT system hygiene and governance
  3. Map the cybersecurity strategy to the business strategy
  4. Scale systems safely and cost-effectively
  5. Assume an attack is inevitable
  6. Prepare for simultaneous disasters 

The MSK Case 

Memorial Sloan Kettering Cancer Center (MSK) has implemented a number of technical controls to address each step of a ransomware or malware attack.

Other hospitals can similarly adopt these actions, which include (among others) 

  • email protections, 
  • multifactor authentication (MFA), 
  • privileged access management (PAM), 
  • advanced malware prevention, 
  • network security, 
  • data activity detection, and 
  • enterprise security information and 
  • events management (SIEM). (See Exhibit 1.)

About the authors

Michael Coden

Managing Director, BCG Platinion
New York

Mike Czumak
Chief Information Security Officer, Memorial Sloan Kettering Cancer Center

Originally published at on April 14, 2021.

PDF version of the Full Version:

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

Related Posts