For example, when a user who works in Seattle logs in from Seattle, and then attempts to log in five minutes later from Sao Paulo, a risk-based assessment will identify this impossible travel situation and either block the authentication attempts or require multifactor authentication.
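The impossible-travel check described above can be sketched as follows. This is an added example, not code from the article or from any identity product; the `Login` record, the 900 km/h speed ceiling, the 50 km noise floor and the sample events are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    lat: float
    lon: float


def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def assess(logins, action="require_mfa", min_km=50.0):
    """Return (login, decision) pairs; decision is 'allow' or `action`."""
    last = {}      # user -> last login that was allowed
    results = []
    for cur in sorted(logins, key=lambda l: l.when):
        prev, decision = last.get(cur.user), "allow"
        if prev is not None:
            dist = km_between(prev, cur)
            hours = (cur.when - prev.when).total_seconds() / 3600
            # Ignore small moves: IP geolocation is coarse and would false-positive.
            if dist > min_km and (hours == 0 or dist / hours > MAX_KMH):
                decision = action
        if decision == "allow":
            last[cur.user] = cur   # only trusted logins move the baseline
        results.append((cur, decision))
    return results


# Constructed sample events (approximate coordinates for Seattle and Sao Paulo).
SAMPLE = [
    Login("alice", datetime(2024, 1, 8, 9, 0), 47.61, -122.33),
    Login("alice", datetime(2024, 1, 8, 9, 5), -23.55, -46.63),
    Login("alice", datetime(2024, 1, 8, 9, 30), 47.62, -122.20),
    Login("bob", datetime(2024, 1, 8, 9, 0), 47.61, -122.33),
    Login("bob", datetime(2024, 1, 9, 9, 0), -23.55, -46.63),
]

if __name__ == "__main__":
    for login, decision in assess(SAMPLE):
        print(login.user, login.when.isoformat(), decision)
```

Passing `action="block"` gives the stricter of the two responses the article mentions. A login a day later from the same distant city is allowed because the implied speed is plausible.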
Hospitals also use IT patching systems to patch server endpoints based on criticality and known exploits. They need to ensure that they’re up to date with known vulnerabilities.
“One of the simplest ways to avoid cybersecurity threats is by keeping as many devices up to date as feasible,” McGladrey says. “If an organization learns that there is a vulnerability being actively exploited — or that a proof of concept for a vulnerability has been developed and is in the wild — they can accelerate patching the affected, vulnerable assets to reduce the likelihood of a successful attack.”
Alternatively, devices that cannot be patched can be isolated from the network so that the effect of a successful compromise is reduced.
Be Prepared Instead of Shocked
He adds that healthcare organizations should have up-to-date golden images for servers and workstations, and offline copies of these should be stored on at least two types of media.
“Ransomware threat actors may unintentionally encrypt the golden images as part of the last stages of an attack,” McGladrey says. “It is substantially more difficult to recover from backup if an organization’s golden images are encrypted. Having an offline copy helps to mitigate this risk.”
Another critical piece of the puzzle? Organizations need to develop incident response and recovery plans for potential cyberattacks and get them to key staff as paper copies.
“The best teams play how they train, and the time to identify gaps in knowledge or in processes is not during an active breach,” McGladrey says, adding that plans should be tested on a regular basis.
Though having paper copies of the plans is less than ideal, McGladrey says the alternative is for those plans to be destroyed or encrypted in an attack, which would leave an organization to struggle through on memory alone.