According to Andrew Jahnke, founder and chief technologist for managed IT and custom cloud service provider RainTech, there is no such thing as being “too small” to be a target for hackers.

All healthcare organizations are susceptible to cyberattackers seeking to exploit weaknesses in the security of a computer network.

Ultimately, preventing a cyberattack is much less expensive than reacting to a hack or breach, which is why Jahnke recommends a thorough assessment of your organization’s cybersecurity to get a baseline for the current level of readiness and identify areas for improvement.

This list offers a detailed collection of key areas that medical practice leaders should examine to be prepared for a possible cyberattack.

Cybersecurity assessment

Number of users _________________________________
Number of workstations ___________________________
Number of physical servers ________________________
Number of virtual servers _________________________
Number of locations ______________________________

Endpoint protection

Antivirus Brand: _________________________________

• Installed on all workstations?
• Installed on all servers?
• Are definitions monitored for automatic updates?
• Do infections automatically produce alerts?
• Does someone respond automatically?
• Does it have a web browser plug-in and classify search results?
• Does it provide sandboxing for executables?
• Can IT provide a recent status and threat report?

What is the next renewal date? ____________________

Network protection

Firewall make/model: ____________________________

• Is the firmware up-to-date?
• Is packet inspection enabled? 
• Does it have intrusion prevention enabled?
• Does it use a sandbox solution for downloaded files?
• Does it have antivirus scanning enabled?
• Does it have anti-spyware scanning enabled?
• Does it have flood protection enabled?
• Does it have Geo-IP blocking enabled?
• Does it look for and filter botnet traffic?
• Does it have a web content filter enabled?
• Are internet-facing servers protected from brute force attacks?
• Can IT provide a recent status and threat report?
• Are guest networks completely isolated from the business network?
• Is internet usage monitored?

What is the next renewal date? ____________________

Email protection

Email filtration product: ___________________________

• Is email encryption available?
• Are filtration rules administered by IT?
• Are executable attachments blocked by default?
• Are links re-written and scanned when accessed?
• Are artificial intelligence (AI) and heuristics used to stop spoofed email?
• Is outbound mail scanned, or only inbound?
• Are data loss prevention filters in place for outbound email?

How is the SPF record configured? ____________________________________________________

Network administration/management

List any users who have local administrative permissions on their computers:  ___________________

• Is user account control enabled on all workstations?
• Are all users’ passwords set to expire automatically?
• Are password length and complexity required?
• Are accounts locked out after multiple unsuccessful login attempts?
• Are screensavers engaged automatically after inactivity?
• Is multifactor authentication used?
• Is patching managed and monitored on all workstations and servers?
• Are non-user account passwords stored in a secure location?
• Are non-user accounts documented for use?
• Do all accounts follow principle of least privilege?

User instruction/policies and procedures

• Do you have an acceptable use policy for organizational computers?
• Are users given security awareness training?
• Are users sent phishing messages to find out who needs additional training?
• Are risk assessments conducted at least annually?
• Has a remediation plan been produced?

Backup/disaster recovery

How often are backups taken? ___________________________

How long are backups retained? _________________________

• Is there a written policy for disaster recovery/mitigation?
• Are backups “air gapped” from potentially infected workstations?
• Do backups go offsite automatically?
• Do failed backups produce alerts?
• Are backups tested periodically?

Advanced security measures

• Do you have/utilize a security operations center (SOC) that monitors 24/7?
• Do you utilize a security information event management (SIEM) system?
• Is host-based intrusion detection in place?
• Is network-based intrusion detection in place?
• Are servers monitored for ransomware-like activity?
• Are monitors in place for administrative changes (e.g., domain admins)?
• Are independent penetration tests performed periodically?