EXECUTIVE SUMMARY:
On Monday, the European Union’s Agency for Cybersecurity (ENISA) published guidelines for hospitals to follow in guarding against cyber attacks.
The report “…offers cybersecurity guidelines for hospitals when procuring services, products and infrastructure.”
As hospitals turn their attention towards cyber threats, security should be integrated into the fabric of different processes within the healthcare ecosystem. It shouldn’t be an after-thought or deemed a low-status priority.
Guidelines include:
1.Involving the IT department in the procurement process. Although it may sound like a no-brainer, involving the IT department in the procurement process ensures that cyber security issues are addressed from the get-go. This leaves fewer surprises for later on and can facilitate simpler integration between legacy architecture and new technologies.
2. Implementing a process to identify vulnerabilities and to manage them effectively. Obtaining security with built-in threat intelligence and forensics can help in discovering previously unknown vulnerabilities and software that requires patching.
3. Create a policy around hardware and software updates. Historically, medical groups have been lax when it comes to installing patches. However, without reliable technology, the ability to provide care could grind to a halt.
ENISA recommends that IT departments collaborate with necessary groups to establish a routine schedule for applying patches across various segments of the network. The IT team is also advised to develop ‘workarounds’ for vital machines that are too costly to replace, but too old to be patched.
For more information on this story, visit ZDNet.