The healthcare industry is making moves to store all information electronically which is incredibly beneficial for the patients and caregivers alike. Unfortunately, this shift has resulted in a virtual treasure trove for cybercriminals, as many organisations do not have adequate cybersecurity measures in place.
Ensuring this valuable data is secured is a huge responsibility. Afalkpui-Harley Network Administrator for The Trust Hospital Company (TTHC) Ghana, believes that healthcare providers owe it to their patients to deliver a high level of care that extends beyond their medical treatment to the administration processes of handling and securing their highly sensitive personal data.
Medical records contain personal information that on its own may not amount to much but could be used as the master key to carry out future targeted attacks. Medical histories, email addresses, passwords, ID numbers, patients and company data: all incredibly valuable and can be accessed by attackers.
Incidents over the last few years provide a clear indication of the scale and effects of attacks on healthcare providers. The WannaCry attack infected 16 health service organisations around the world, including the UK's NHS, resulting in the shutdown of critical IT systems. A study published by the Ponemon Institute indicates a dramatic 125% increase in attacks on the health sector over 5 years detailing the risk of cybercrime in the sector.
Digital transformation in the healthcare industry brings a number of cybersecurity related risks. "In our efforts to shift to digital processes, the number of devices in our organisations network is growing. While this growth helps us achieve our vision it also opens us up to cybersecurity risks", says Afalkpui-Harley. As is typical in this kind of environment multiple users have access to a single endpoint and are accessing and sharing files between doctors and departments, as well as accessing the web.
In the whitepaper – 'The Cyber-Pandemic', Panda Security outlines key issues in securing hospitals and makes recommendations for developing a comprehensive cybersecurity strategy that includes next-generation Endpoint Detection and Response (EDR) and Remote Monitoring and Management (RMM) technology, as well as assessing policies and procedures to manage user behaviour.
For Afalkpui-Harley and TTHC this new security paradigm ticks all the right boxes, allowing for full visibly and control of the network.
TTHC's strategy includes Panda Security's Adaptive Defense 360, which integrates Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) capabilities with a 100% Attestation service – classifying all running processes. Only binaries certified by Panda are allowed to run. Adaptive Defense 360 also includes an additional layer of security through a managed Threat Hunting and Investigation Service (THIS) to deliver a new-generation solution to advanced threats.
Panda's EDR model is based on three phases: Continuous monitoring of applications on a company's computers and servers. Automatic analysis and correlation using machine learning on Panda's Big Data platform in the cloud. Finally, Endpoint hardening and enforcement - blocking all suspicious or dangerous processes, with notifications to alert network administrators.
Implementing Panda's RMM tool - Systems Management alongside AD 360 allows Afalkpui-Harley and his team to regulate and manage endpoints remotely from a centralised console. Systems Management's easy-to-use, lightweight web console allows for full visibility of all of TTHC's devices and allows the IT team to take control of devices and do what needs to be done without having to travel.
"AD360 is an ideal solution for a dispersed organisational network like ours, as it requires very few resources and provides advanced protection from today's threats." says Afalkpui-Harley.
Since implementing Panda Systems Management and Adaptive Defense 360 THHC has been free from viruses and cyberattacks that cause network downtime and have been able to continue to move forward with the digital transformation of their facilities.