Episode 10: Hospitals in Need of Cybersecurity STAT!
Hospitals in Need of Cybersecurity STAT!
The medical industry is an appealing target for cyber attackers due to the vast personal information hospitals and facilities maintain. With one targeted effort, attackers can obtain anything from patient and employee medical and financial records to medical research and innovations. Records like these are more valuable for resale compared to a simple credit card number.
In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes guests John Riggi and Ed Mattison. Riggi is the Senior Advisor for Cybersecurity for the American Hospital Association (AHA) and Mattison is the Executive Vice President of Operations and Security Services at CIS. Together they discuss how hospitals and other medical facilities can protect themselves against cyber attacks.
This week’s Cybersecurity Where You Are podcast highlights:
- Why the medical industry is so appealing to attackers
- The challenges of protecting medical facilities
- How a defense-in-depth strategy plays a role in a hospital’s cybersecurity plan
- Malicious Domain Blocking and Reporting (MDBR) for hospitals
Hospitals are Easy Targets
With an increase in technology used by the medical industry, there is an ever-growing need for hospitals and other medical facilities to protect themselves from cyber attacks. Phishing and ransomware are the most popular tactics used by attackers. They are easily executed and equate to large payouts. These activities are devastating for hospitals financially, and even worse, have led to full shut-downs of facilities that prevented them from providing care to its patients.
DiD starts with DNS
A defense-in-depth (DiD) strategy is a way to create layers of defense – if something gets through one layer, there are multiple opportunities to catch it down the line. It can also be a digestible means to get started with a cybersecurity plan without feeling overwhelmed. Domain name services (DNS) are used by anything and everything that goes online. Using a secure DNS provider is an easy way of implementing protection on a large scale quickly and cost effectively.
Malicious Domain Blocking and Reporting for Hospitals
A defense-in-depth (DiD) strategy is a way to create layers of defense – if something gets through one layer, there are multiple opportunities to catch it down the line. It can also be a digestible means to get started with a cybersecurity plan without feeling overwhelmed. Domain name services (DNS) are used by anything and everything that goes online. Using a secure DNS provider is an easy way of implementing protection on a large scale quickly and cost effectively.
.
Episode Resources
Visit the CIS Website https://www.cisecurity.org/
The American Hospital Association https://www.aha.org/
Learn more about MDBR for hospitals https://www.cisecurity.org/hospitals/
*While MDBR was offered at no cost to U.S. private hospitals for a limited time, that offering has been discontinued in favor of MDBR+, a low-cost, cloud-based secure DNS service that provides real-time reporting, custom configurations, and off-network device protection. Learn more about MDBR+ here.