October is recognized as Cybersecurity Awareness Month by the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA). To celebrate and promote online security , we're posting a series of articles throughout the month. Each week, one of our cybersecurity experts weights in on a foundational cybersecurity topic. This week it's Access Point CIO Anthony Rivera on patch management. Enjoy, and stay tuned for next week's Expert Insight.

Hospitals and healthcare providers have increasingly become targets of cyberattacks, which pose significant risks to patient care and safety. This document examines the various ways in which cyberattacks can disrupt hospital operations, compromise patient data security, and ultimately affect the quality of patient care. It also explores strategies and best practices that hospitals can implement to mitigate these risks and enhance their cybersecurity posture.

Segmentation in network environments is nothing new. It’s common for administrators to segment the network based on logical functions and security controls. For example, the finance department is one segment, and the sales department is another segment. All segments can send traffic to email servers (for example), but user traffic does not enter finance or sales segments unless the user is authorized to access them.

The healthcare sector faced a staggering 156% increase in breached records in 2023. The concern goes beyond just alarming statistics: Breaches pose a direct risk to patient safety by disrupting essential healthcare services, including eligibility verification, prescription processing, and hospital discharge procedures.

Network administrators, security analysts, and software developers have a technical approach to risk management, whereas executives and a business’ board of directors have an economic one. The board of directors wants to know the monetary impact and responsibilities surrounding threats and risk management.

Email protocols and the system that allows us to communicate with electronic messaging have been around for decades. The original system built in the 1970s wasn’t created with spoofing and phishing in mind. Weak communication protocols between sender and receiver have led to numerous critical data breaches from email-based attacks. The success of attacks stems from the way email protocols work, but businesses can protect themselves using DMARC policies set up as DNS entries.

Whether you’re a healthcare provider or a third-party contractor storing protected health information (PHI), you likely wrestle with HIPAA compliance. HIPAA is one of the more strict compliance regulations and it’s difficult to navigate...

In the business world, particularly cybersecurity, organizations often struggle to respond efficiently and effectively to incidents. The lack of standardized processes can lead to chaos, delays, and significant impacts on business operations.

It’s not uncommon for large healthcare organizations to support patients via thousands of systems––servers, network hardware, and Internet of Things (IoT) devices particular to the medical practice. Healthcare organizations are primary targets for attackers and are required to follow strict regulations to stop data breaches. HIPAA violations are costly, and unpatched hardware leaves healthcare systems vulnerable to numerous threats including malware, ransomware, security bypasses, and possible remote code execution. Patching systems with the latest update is critical to data protection and risk management, and it keeps the company compliant with HIPAA guidelines.