THE ITAM NEWSLETTER

Cybersecurity In Healthcare – How To Stop Duplicating Efforts, Secure Your Environment, And Save Money

Author: Jeremy Boerger, The ITAM Coach


It’s no surprise that cyberattacks are targeting healthcare organizations. The United Healthcare ransomware event stands out, but it’s just the largest and most recent. According to the Department of Health & Human Services’s Office for Civil Rights, cyberattacks on healthcare have grown exponentially in recent years. Large breaches increased by 93% between 2018 and 2022, and large breaches involving ransomware increased by 278%. There’s no sign of a slowdown anytime soon.

During my career as an independent ITAM consultant and coach, I’ve helped several large healthcare organizations tackle these problems, so the topic is of significant interest to me.

Enter CISA’s Mitigation Guide for the Healthcare and Public Health Sector. In October 2023, CISA published a comprehensive guide that offers recommendations and best practices for combating the industry’s pervasive cyber threats.

Why Are Healthcare Organizations So Vulnerable To Cyberattacks?

The following chart from the CISA guide clearly outlines the vulnerabilities that bad actors have become so skilled at detecting. These vulnerabilities are why healthcare is at the top of the target list for ransomware, data breaches, and denial of service:


How ITAM Bolts Into Cybersecurity (Or…I Saw This Coming)

Back in 2021, I anticipated that cybersecurity, IT asset management, and service management would have to start effectively communicating, sharing information, and reacting to issues that the other teams find in order to mitigate threats and stop bad actors in their tracks. While securing your system is of the utmost concern, it may seem like an overwhelming and expensive proposition.

A new methodology was desperately needed that would enable asset managers to methodically uncover the information they need to get a clear picture of their asset landscape. This is why I developed the Pragmatic ITAM Method, which today is used by large organizations, including hospital groups, to secure their systems and save millions.

Important Recommendations From The CISA Mitigation Guide For The Healthcare And Public Health Sector

You may want to read the entire 24-page guide at some point, but the TL;DR version below highlights some of the important recommendations and how your ITAM team can make it easy to apply them:

1. Asset Inventory

As an initial and priority mitigation strategy, CISA recommends “implementing and maintaining an inventory of assets for your environment.” Knowing which assets are on your organization’s network is fundamental to cybersecurity. In other words: “You can’t secure what you can’t see.”

Pragmatic ITAM encourages a mix of electronic inventory tools—agent and agentless—as well as visual inventories to provide the most complete view of your computing environment. This may seem difficult at best, but it can be a piece of cake if your ITAM team is using this pragmatic approach to asset management.

CISA also recommends “tasking designated personnel within your organization with maintaining the inventory by updating, tracking, and adding or removing assets—especially during procurement or decommissioning stages.”

Guess what? Your ITAM team is already doing this! An essential tenet of the Pragmatic ITAM Method is to encourage teams to stop duplicating efforts and work together instead. When ITAM and ITSec teams treat each other as data customers and partners, it’s powerful.

2. Access Management

CISA recommends you “terminate access as soon as a user leaves your organization or changes roles.” When ITSec works with ITAM, knowing which assets (hardware and software) are impacted by end-user-driven changes becomes easy. That is a “Quick Win,” another tenet of the Pragmatic ITAM Method, and one the ITSec team can get credit for.

3. Device Logs And Monitoring Solutions

The guide states, “To protect devices and prevent threat actors from moving laterally through your organization’s network, consider implementing an endpoint detection and response (EDR) solution.”

As EDRs become more prevalent, they also become a good electronic inventory source for ITAM! ITAM can use this data to help reduce software licensing costs and SaaS subscription charges. A true “Win-Win Scenario.”

4. Vulnerability And Patch Management

CISA recommends that “your asset inventory should list all your organization’s enterprise assets, such as devices, operating systems, software, and services that will be assessed for vulnerabilities.”

Pragmatic ITAM allows and encourages ITSec to have its own inventory. But it must share those details with ITAM and ITSM so all three can improve their inventories simultaneously. If ITSec does its job on the improved inventory, collaboration with ITAM will be useful not only by reducing the cost of ownership but also by helping build a cost/benefit case around getting rid of shadow IT—the bane of cybersecurity agents.

Now that’s a “Win-Win-Win Situation!”

5. Configuration And Change Management

CISA recommends, alongside established vulnerability and patch management solutions, “HPH entities should implement security configuration management (SecCM) to identify and address misconfigurations in default system settings.”

Pragmatic ITAM says there’s no need to reinvent the wheel here. Again, your ITAM team is likely already doing this for ITSec. Lean into your ITAM folks and use them!

6. Secure by Design

The guide states, “Forge strategic partnership relationships with key IT suppliers. Reinforce the importance of security by design practices in both formal contracts and vendor agreements and informal aspects.”

This is also an ITAM function! When Pragmatic ITAM methods are followed, ITAM cost savings are considered at the same time as you’re improving your cybersecurity stance. This means: YOU CAN STOP THE BAD ACTORS AND SAVE MONEY AT THE SAME TIME!

The guide also recommends that you “collaborate with industry peers and cultivate working relationships with industry partners to understand the products and services that best embody secure by design principles.”

Again, your ITAM team is likely already doing this. When you stop duplicating their efforts, it’s a win-win-win for your organization and your department!

In Conclusion

ITAM is already performing many of the functions that CISA recommends, so why not leverage them? By directly engaging ITAM, you can turn your cybersecurity initiatives into a cost optimization activity as well. As with any mandate, healthcare leadership is going to assume this means more cost to comply.

When cybersecurity is putting effort into reducing costs (a function where Pragmatic ITAM excels), some of those cost savings can go back to them to help with their mission to improve their technology stack protections, etc. Sounds good? Let’s schedule a research call! 513-394-6317.

Next: Explore the key partnerships between ITAM, ITSec, and other departments in your healthcare organization more deeply – check out my book, “Rethinking Information Technology Asset Management.” It lays out the Pragmatic ITAM Method to help business leaders and IT executives who are tired of cybersecurity events (or near-misses), missed budget forecasts, unexpected software audit penalties, and untrustworthy CMDB and MDR reports.


Jeremy Boerger
The ITAM Coach

Jeremy Boerger has over two decades of experience within the Information Technology sector. His signature Pragmatic ITAM Method is used by major manufacturing, healthcare, and global financial institutions. It enables them to Spend Less On Software Without Buying Less Software.
