Healthcare officials across the globe are on high alert about the possibility of increased cyberattacks following Russia’s invasion of Ukraine. They are urging providers to bolster their defenses, and to do so quickly.
Hospitals in England were warned to make sure their systems are “patched and protected.” Similarly, US officials are calling on health systems to double down on their cyber defenses. The Cybersecurity and Infrastructure Security Agency and the American Hospital Association issued alerts about the potential rise of malware attacks from criminal hacking groups and nation-state adversaries.
Cyberattacks against health systems have been on the rise for the past few years. Roughly 74% of breaches reported to the HHS’ Office of Civil Rights last year were attributed to hacking incidents. That figure mirrors findings in a recent survey from HIMSS in which 67% of respondents said their healthcare organization had a significant security incident over the past 12 months. The two most common were phishing attacks (45%) and ransomware (17%).
We’ve all seen the reports of ransomware and other attacks crippling a hospital or health system for days as data and information systems were locked down. The Internet of Things further complicates the matter, as hackers can also gain access to medical devices, both those within a hospital’s four walls and those connected to a patient. Recall that in 2017 and 2018 the Food and Drug Administration issued security bulletins about vulnerabilities in pacemakers. And the massive WannaCry ransomware attack of 2017 impacted radiology devices in some hospitals, HHS’ Office of Inspector General noted in a brief last summer.
With heightened attention to cybersecurity, now is an especially critical time for leaders to ensure that their policies and protocols are up to date. We’ve outlined three steps leaders can take immediately:
- Protect core infrastructure: Be sure to patch weaknesses on VPNs and other network entry points. Many hospitals and health systems remain reliant on Windows-based systems. Some of the most dangerous malware attacks seek out vulnerabilities in Windows. CISA’s alert calls attention to two — HermeticWiper and WhisperGate — which the agency says have been found in Latvia, Lithuania, and Ukraine. Mimikatz, an open-source malware program, has also been utilized to expose vulnerabilities.
- Check on business associates: Providers need to ensure that business associates are reviewing and updating their systems and security protocols to prevent hackers from finding a backdoor. By some estimates, attacks on business associates increased 18% last year. Additionally, the rise in telehealth presents a host of new vulnerabilities, as Elizabeth wrote last October. And the National Institute of Science and Technology has laid out security factors around remote monitoring. Keep in mind that shoring up data systems or diagnostic equipment differs significantly from what can be done for medical devices.
- Make cyber hygiene a priority: The HIMSS survey identified phishing (71%); human error (19%); and laptop, tablet, or devices (10%) as leading causes of security incidents. Organizations should conduct refresher training with employees on good cyber hygiene, including proper data storage and how to protect laptops. They should also run phishing and spear phishing drills to remind employees how to spot fake emails and to protect against the accidental release of malware onto the network.
These are the blocking and tackling of cybersecurity and should be done on a routine basis, not just when there is a rise in the threat level. Perhaps the most critical step leaders can take is to build a culture of security across the enterprise. Every employee needs to view themself as part of the defense system.