Data Security at Dayton Area Hospitals
October 7, 2022
Data Security at Dayton Area Hospitals
October 7, 2022
Cybersecurity News

Data Security at Hospitals

2022 Ransomware Impacts to Hospitals

As ransomware continues to cripple hospitals across the nation, it’s becoming increasingly important for Dayton Area Hospitals to invest in data security (both customer and company). Cybersecurity has been something hospitals have been focusing on for years, yet ransomware attacks continue to bring entire networks down. Just this year alone, Emsisoft analyst Brett Callow estimated 15 health systems impacted by ransomware. Those 15 systems operate 61 hospitals and at least 12 of the incidents dealt with PHI.

Cybercriminals Continue to Focus on Healthcare Systems

Just this month alone, there have been several reported IT security related incidents. The second-largest nonprofit healthcare organization, CommonSpirit Health, had an “IT security issue” that impacted multiple locations. This Chicago-based organization has more than 1,000 facilities, 140 hospitals, and spans over 21 states. One of the medical centers within this organization, MercyOne Des Moines Medical Center, ended up shutting down their system as a result.

Although the overall data impact to patients is still unclear, this still resulted in ambulances having to be diverted to other hospitals, shutting down health record systems, canceling prescription refills, and procedures having to be rescheduled.

What Steps can Dayton Medical Facilities take to Secure Information Systems

The biggest step these organizations can take is investing in staff training. Securing Data at a hospital requires a robust information security program. And the majority of IT at these facilities are focusing massive resources on creating incredible programs and securing information systems.  But these systems and programs can only do so much, especially when phishing attacks continue to be the top attack in infiltrating information systems.

There are two areas of staff training that every medical facility should invest in:

  • The first is annual cybersecurity training. This training needs to cover all of the basics. Topics should include things like phishing, ransomware, password security, and portable storage device safety. There are several companies that offer annual training that covers all of these areas. YouTube can also be a great resource for finding videos on these topics to utilize as training.
  • The second training is phishing simulations. These simulations provide real-life examples of attacks that are currently dominating the cyber world. They need to be provided on a monthly basis (at a minimum) in order to increase the phish-detecting muscles for the entire staff. Many organizations use companies like KnowBe4, which can be a great resource if you have someone on staff that can manage the program.

For the companies who may be looking for the best of both worlds, there are organizations like Phishbuster Academy that provide both of these trainings into one package. This training center offers programs that combine ongoing cybersecurity training, which delivers a new topic each month, and mixes in phishing scenario training throughout the year.

Dayton Certified Cybersecurity Technician Training

One last thing medical organizations can look into is training someone on their IT to become a Certified Cybersecurity Technician. This certification was created by the EC-Council, a leading provider in cybersecurity certifications, and is the basic start point for anyone getting into cybersecurity. This is one of the few certifications that dedicates over 50% of the training time diving into examples of incidents these professionals will be facing in the cybersecurity world, giving them a solid foundation to your information security program. If this is something that may interest you, please contact LMS to get additional details.

As always, LMSolutions is here to help hospitals and medical centers throughout Dayton and the Midwest. If anyone in your organization has any questions regarding information security, or is looking for a free consultation on what your company can do to create a more secure information security program, contact us HERE right away.