Is your memory as solid as multifactor authentication? Check your work to see if your answers to the quiz questions on page 3 match up with the ones provided below.

Remember to Secure Your RPM Devices

Answer 1: Remote patient monitoring (RPM) devices, which include fitness trackers, medical sensors, and smart speakers, are produced by third-party manufacturers, and could have security holes that pose security risks for your organization’s network.
If unpatched, the security holes allow a cyberthreat actor to exploit the vulnerabilities and gain access to patient data or your organization’s network, or shut users out altogether. Some of the risks for healthcare organizations due to unsecure RPM devices include:

“RPM relies on devices that are broadly referred to as the internet of things (IoTs). Most of these devices are not designed with security in mind. As a result, they are susceptible to vulnerabilities and malware exploitation,” says Funso Richard, CISA, CISM, CDPSE, CCSFP, CHQP, information security officer at Ensemble Health Partners in Cincinnati, Ohio.

Almost any device that can connect wirelessly to the internet falls under the IoT umbrella. When implementing RPM devices, you’ll want to prioritize security just like with other connections on your healthcare organization’s network.

“RPM devices have chips that execute as a computer. The chips that are associated with RPMs have the same vulnerability as CPU, GPU, and TPU,” says Eddie Hearns, MA, CPMA, CPC, Approved Instructor, of OLDME CPC LLC.

Don’t Discount DDoS Attacks

Answer 2: In the scenario presented in the question, your practice experienced a distributed denial-of-service (DDoS) attack. A DDoS event occurs when threat actors attack from several remote locations to overwhelm network resources with website requests and traffic. Ultimately, the network connections will become so inundated with traffic that service is denied to other users. Typically, DDoS threat actors will focus their attention on routers and switches since those devices are on the edge of the network.

Published in 2022, a Comcast Business DDoS threat report revealed there were 9.84 million global DDoS attacks in 2021. The 9.84 million attacks represent DDoS events throughout the entire world, but industries such as healthcare, education, finance, and government took the brunt of the DDoS damage.
Those industries were victims of approximately 73 percent of the multi-vector attacks in 2021. The report also dissected the average duration of the service downtime. Events lasting for 10 minutes or less made up approximately 69 percent of the attacks in 2021. However, for healthcare, minutes matter when providing care to your patients. If a physician is unable to access valuable information in a patient’s medical record during a 10-minute DDoS attack, the consequences could be dire.

Relay How a Breach Will Affect the Organization

Answer 3: If a breach has already occurred, you need to inform the C-suite executives in a timely manner. However, your report should be succinct and direct, and contain only the information that directly affects the business. The last item on that list is crucial to protecting your healthcare organization from repeated incidents in the future.

“Threats become successful when risks have not been reasonably identified and mitigated. The goal is to effectively communicate risks to reduce cyber threats,” Richard says.

Strengthen Your Passwords to Avoid Brute Force Attacks

Answer 4: The type of attack in this scenario is known as brute force. During a brute force attack, the threat actor continuously tries passwords until a password is successful and the threat actor gains access to the organization’s network. Once the hijacker has compromised the system, they can bring down the network resources with ease.

Threat actors may try to guess different users’ passwords or PINs. These attempts can be successful if the passwords are simple and uncomplicated. Cyberthreat actors may also attempt to gain access by trying several different words from dictionaries, often with numbers or special characters. This method may take longer, but the threat actor can still be successful.
You can protect your healthcare organization’s network with some small tweaks to your cybersecurity:

1) Stronger credentials: Change usernames and enact password policies that require a long string of characters involving lowercase and capital letters, special characters, and numbers.
2) Enable multifactor authentication: Add protection by requiring the user to input a password and use another security measure, such as an authenticator client that provides a unique access code that is valid for a certain timeframe.
3) Make unique passwords: Educate your staff to create a new and unique password for every website they use and account they create.
4) Password manager: A password manager can hold all your passwords in one place, so you can easily create complex and unique passwords for every account and website. When you visit a website, the password manager can populate the login credentials securely.
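One way a defender could spot the brute force pattern described in Answer 4 in login records, shown as an added example that is not part of the original article. The log format, the threshold of five failures in two minutes, and all names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, assumed format: "<ISO time> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 FAIL user=jsmith src=203.0.113.7
2024-05-01T09:00:02 FAIL user=jsmith src=203.0.113.7
2024-05-01T09:00:04 FAIL user=jsmith src=203.0.113.7
2024-05-01T09:00:06 FAIL user=jsmith src=203.0.113.7
2024-05-01T09:00:08 FAIL user=jsmith src=203.0.113.7
2024-05-01T09:00:10 OK user=jsmith src=203.0.113.7
2024-05-01T09:01:00 FAIL user=adavis src=198.51.100.9
2024-05-01T09:01:05 FAIL user=bchen src=198.51.100.9
2024-05-01T09:01:10 FAIL user=clopez src=198.51.100.9
2024-05-01T09:01:15 FAIL user=dpatel src=198.51.100.9
2024-05-01T09:01:20 FAIL user=enguyen src=198.51.100.9
2024-05-01T09:05:00 FAIL user=mjones src=192.0.2.44
2024-05-01T09:20:00 OK user=mjones src=192.0.2.44
"""

def parse(line):
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with `threshold` failed logins inside `window` (log must be in time order)."""
    recent = defaultdict(deque)  # source -> failures still inside the sliding window
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, result, user, src = parse(line)
        if result == "FAIL":
            q = recent[src]
            q.append((ts, user))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"users": set(), "login_after_failures": False})
                alert["users"] |= {u for _, u in q}
                # One account hammered vs. guessing across different users' passwords
                alert["pattern"] = "one account" if len(alert["users"]) == 1 else "many accounts"
        elif src in alerts:
            # A successful login from an already flagged source needs immediate review
            alerts[src]["login_after_failures"] = True
    return alerts
```

A single mistyped password followed by a later success, like the `mjones` entries, stays below the threshold and is not flagged.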