With the current critical and dangerous events unfolding, there is no avoiding discussion of unsettling threats – particularly cyber threats.
Similar urgent warnings have been issued by the American Hospital Association (AHA). The AHA highly recommends staying on high alert for a possible cyberattack on US healthcare systems due to the ongoing geopolitical crisis.
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a “Shields Up” advisory, with urgent recommendations that all organizations, regardless of size, whether they belong to public or private sectors, must secure and enhance their cybersecurity posture.
⚠ Action Needed: Collaborate with your IT or cybersecurity team to assess your risks, gaps, and vulnerabilities and follow CISA’s recommended steps in the “Shields Up” advisory. Click here for more information - https://www.cisa.gov/shields-up
The CISA highly discourages everyone from exceptionally risky practices, such as;
Use of unsupported (or end-of-life) software.
Use of known/default passwords and credentials.
The use of single-factor authentication for remote or administrative access of devices.
We cannot control what cyber actors may choose to do or exploit, but we can take steps to protect ourselves and our organizations.
It is best to adopt a proactive stance rather than wait and react when data breaches and exploitation have already occurred. Protected Health Information (PHI), Electronic Medical Records (EMR), and devices such as computers and mobile devices are prized targets by cyber aggressors.
⚠ Action Needed: If you do NOT fully understand the challenges you may be facing with your organization’s current cybersecurity status, please do NOT ignore the reminders. Discuss these matters with your IT or cybersecurity team. Find out if your organization is appropriately protected. Be PROACTIVE!
The Cybersecurity and Infrastructure Security Agency (CISA) further stresses that all organizations must implement cybersecurity measures. Refer to the table below:
Cybersecurity measures | Suggested steps |
1.Reduce the likelihood of a damaging cyber intrusion. |
|
2.Take steps to detect a potential intrusion quickly. |
|
3.Maximize the organization’s resilience to a catastrophic cyber incident. |
|
In other words: PREVENT – RECOGNIZE – PROTECT.
Finally, be emergency ready. We could not stress enough how unpredictable the current situation is. Being prepared for emergencies is critical. Maintaining a disaster and emergency response plan helps organizations and patients alike. This ensures that vital medical information remains available and accessible during a crisis.