By - November 05, 2024
It’s clear that ransomware and other types of cyberattacks are here to stay, and that criminals are only getting more sophisticated in their tactics. Hospitals and laboratories need to make prevention and containment key parts of their security process or chances are high that one day, they, too, will be front page news, battling loss of data, time, money, and reputation.
To determine what laboratories can do to be proactive against cyberattacks, Critical Values spoke to experts Toby Cornish, MD, PhD, Professor of Pathology and Director of Pathology Informatics at the Medical College of Wisconsin, and Pathology & Laboratory Medicine Informatics Officer at Froedtert Hospital in Wisconsin, and J. Mark Tuthill, MD, Division Head of Pathology Informatics at Henry Ford Health System in Michigan.
While the U.S. Department of Commerce recently released new guidelines to thwart cybersecurity threats [1], here are some additional best practices that every laboratory should employ to get up to speed:
Security can no longer be an afterthought, Dr. Tuthill explains. “You have to have a dedicated effort, a security officer in the laboratory, and you have to engage with your security team.”
These dedicated people will need to be “constantly scrutinizing what you are doing.” And while that is necessary, it does tend to create bureaucracy, which is partly why laboratories resist it.
“Twenty years ago, there was no security office. Fifteen years ago there was a security office with two people. Ten years ago there were five, and now there are 50,” Dr. Tuthill says.
While physical wall jacks are not the first line of attack for hackers, they are still vulnerable. To counter this, Dr. Tuthill urges, “There needs to be an absolute prohibition on people bringing devices in that they can connect onto your network and do things with.”
That includes vendors, which can create a lot of challenges for laboratories as many third-party vendors have antiquated technology and require sticking thumb drives or external drives into your wall jacks or networked devices, Dr. Tuthill says.
If your laboratory does still allow outside people to plug in, then at least, Dr. Tuthill says, “You should not be able to connect to the hospital network in any physical way if you are not a member of a network, and the device is not a recognized device.”
This also means tracking what hardware is and isn’t allowed.
Another prevention strategy is what Dr. Tuthill calls “network micro segmentation,” in which you might have a “guest” network separate from your laboratory’s main network. “Should a network segment become infected, you can block it from talking to other components of the network.”
He says this is done with a lot of laboratory equipment over virtual local area networks “where certain groups of devices are completely isolated from the rest of the network and only certain connections are open to allow them to do the work that they need to do for communications.”
Network segmentation may also rely upon encrypting data so that when the data is sent over the network, it can’t be stolen.
Different protections can help protect against different kinds of attacks, i.e., one that aims to steal your information versus one that aims to shut your system down so you will pay a ransom to become operational again, Dr. Tuthill explains.
Cyber criminals can play the long game and stay hidden in your system for months before revealing themselves and making demands. While data back-ups are critical to restoring systems after an attack, well-prepared hackers may compromise backups in addition to primary systems. For that reason, Dr. Cornish says that at least some of those back-ups should not be connected to your network in real time, in case they, too, are hacked.
“You should have offline or air-gapped backups so there's not a direct pathway from say, your infected systems to your backups. You want to remove them from your network occasionally,” Dr. Cornish says.
Every laboratory should be practicing “good security hygiene,” Dr. Tuthill says, “meaning that you use usernames and passwords that are complex in combination with dual authentication.”
This also means developing habits such as not sharing your password with anyone, not posting your password anywhere that it can be viewed or hacked, and changing your password frequently.
Other possibilities for protection include enabling a short time window in which you can type in the password, and forms of dual authentication, such as sending a code to your phone or email.
Additionally, “If software versions or security patches are out of date, you must get them current,” Dr. Tuthill says. Upgrades to software and technology can be costly and time consuming, but they have become necessary to ensure the best security.
Most of these best practices require what Dr. Cornish calls “a robust education” in both onboarding of staff and in the form of ongoing education.
Dr. Tuthill thinks of this as creating a kind of “neighborhood watch” among staff to identify “the bad guys early on.” The sooner staff can learn to recognize scams and report them, the less likely a laboratory is to be the victim of an attack.
“It really does come down to training people and making sure that they're taking their own responsibility,” Dr. Cornish adds, which he says can be done in any size of medical laboratory. “That part of it is relatively inexpensive and can be straightforward.”
Ultimately, an attitude of complacency, assuming an attack won’t happen to your laboratory, is just a recipe for disaster, Dr. Cornish says.
References
[1] https://www.nextgov.com/cybersecurity/2024/02/nist-debuts-finalized-update-its-cybersecurity-framework/394470/
Contributing Writer