A Comprehensive Approach to Outsourcing Cybersecurity

Getty Images
(Getty Images)

Smaller healthcare organizations, such as regional hospitals, nursing homes, rehab centers and clinics, are not immune from cyberattacks and data breaches. They’re attractive targets to hackers, especially those launching ransomware attacks, because attackers know how critical their systems are to providing care and they often lack robust cybersecurity strategies.

And if federal authorities determine that healthcare organizations’ data security was inadequate, they can potentially face hefty fines for violating HIPAA.

For example, last October, a Massachusetts-based medical management firm became the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctors Management Group agreed to a $100,000 financial settlement and three years of HIPAA compliance monitoring following a ransomware breach reported in 2019 affecting over 200,000 individuals.

Also late last year, HHS announced a $480,000 settlement in a HIPAA case centered for the first time on a phishing attack. HHS said the settlement with Louisiana-based Lafourche Medical Group, an urgent care clinic, came after the agency's investigation into an email phishing breach reported in 2021 that compromised the electronic protected health information of nearly 35,000 individuals.

But how can cash-strapped smaller organizations implement an effective security and resiliency strategy that they can afford? By taking a comprehensive approach to outsourcing cybersecurity.

Monitoring threats

Ransomware is the biggest threat these organizations face. These attacks often begin with phishing and social engineering tactics, leading to business email compromises that open the door to system access.

The Huntress 2024 Cyber Threat Report notes that while many of the threats seen in the healthcare sector, including potentially unwanted programs (PUPs), adware or cryptominers, may not seem advanced, these seemingly benign programs pave the way for bigger problems and open the endpoints to initial access brokers later down the line.

Common tactics used against the healthcare industry include pre-ransomware activity such as remote access trojans (RATs) and remote monitoring and management (RMM) abuse.

And the most common types of ransomware hitting healthcare are Dharma (29%), DarkGate (17%) and LockBit (15%), according to the report.

 

How to get started?

Small to midsize organizations often find it difficult to figure out how to get started on their cybersecurity journey. That’s where Huntress can play a role, offering an affordable, outsourced way to launch layers of defenses, including:

  • Security awareness training: Well-designed, engaging training can empower employees to make security-minded decisions, helping to thwart phishing and other social engineering attacks that hackers frequently use to target unsuspecting and well-meaning administrative staff members. Huntress SAT provides managed security awareness training that you’ll love but hackers will hate. Security experts create and manage story-based episodes, phishing simulations and reports to enable your employees to become more cyber-savvy. Your teams can gain the expertise they need to fight against social engineering, and you get the expertise of Huntress’ Security Operations Center (SOC) to fully manage your security awareness program.
  • Effective BEC defenses: Huntress’ Managed Detection and Response (MDR) for Microsoft 365 monitors your employees’ identities 24/7 to look out for signs of compromised credentials and email account takeover. This solution continuously monitors indicators and behaviors of BEC attacks, such as users logging in from suspicious locations or a malicious email forwarding rule. The company’s SOC reviews any detections, instantly isolates any compromised users and supplies you with a guided remediation plan for further necessary actions.
  • Endpoint threat detection: Fully managed endpoint detection and response (EDR) looks for signs of hackers in your environment, including pre-ransomware activity. Huntress Managed EDR combines technology custom-built for your needs with industry-leading expertise through a 24/7 SOC and a dedicated support team. Managed EDR helps minimize the “alert fatigue” that’s prevalent with other tools. It comes at an affordable price with no surprise add-ons or extra tiers, and it’s deployable throughout your network in literally just minutes.
  • Compliance and security: Huntress flips the script on the old Security Information and Event Management (SIEM) model with a fresh approach that cuts out complexity, unpredictable pricing and unnecessary data and alerts that drain budgets. Best of all, Huntress Managed SIEM is completely managed by Huntress relieving you of the pain and time wasted trying to get value of your SIEM.

 

Huntress can help smaller organizations get enterprise-level security managed 24/7 by a team of experts without having to recruit and hire more staff members.

Key factors

When launching a security strategy, factors to keep in mind include the need to:

  • Deepen your defenses. Implementing a healthy combination of EDR, antivirus, identities and virtual private networks (VPNs), especially for your newly remote teammates, will help tighten your defenses.
  • Follow the “3, 2, 1 rule.” Be sure to maintain three copies of your data on two storage devices and one offline.
  • Provide adequate security awareness training. Keep in mind, it’s essential to implement a curriculum that’s engaging so employees will actually take the courses and learn from them.
  • Take a managed approach to EDR, SIEM and identity protection to control costs. Choose a service provider who can have your back 24/7, from deployment and tuning to detections and monitoring

 

Top-tier endpoint security shouldn’t be accessible only to the biggest players with massive security teams.

Huntress enables smaller organizations to adopt solutions tailored to their needs and budgets. Its comprehensive offerings combine technology with expert oversight, including 24/7 monitoring by a team of seasoned hunters who specialize in making hackers’ lives miserable.

Worried about alert fatigue from too many false positives? Huntress’ human experts filters those out, allowing you to concentrate on genuine threats.

Be sure to look for a managed solution that can swiftly isolate and eliminate cyber threats with precision.

By partnering with Huntress, you can achieve world-class endpoint security without breaking the bank.

For more information, download the Healthcare Success Kit or contact Huntress. And be sure to look for free monthly educational resource updates on the Huntress website.

The editorial staff had no role in this post's creation.