Healthcare IT: A Myriad of Underaddressed Security Concerns

Written by: Francesco Trama | Published on: March 24th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

2396235_s.jpgWhile security is important to all industries, Healthcare should be one of the most carefully guarded given that it is one of the most attractive to attackers. Data in this space is like an endless buffet to cybercriminals because of its quality and amount. Consider the data that your own Healthcare provider has on you – addresses, social security numbers, birthdates as well as sensitive and private health information. This gives cybercriminals a good bit to work with.

In the past two years, Healthcare breaches and attacks have steadily increased because of the value of the patient information. Today, healthcare records are considered one of the highest selling records on the black market. According to InformationWeek, “Healthcare organizations are particularly vulnerable. They house both personal health and payment information, plus intellectual property — all lucrative targets for hackers. But most employees want to heal people, not become technologists, and might view technology protections as healthcare speed bumps. As providers, payers, employees, patients, and partners, they become increasingly intertwined through shared data, transparency, and analytics, the opportunities for loss, error, or theft grow exponentially.”

The recent and rapid adoption of electronic records and data, along with pressures from HIPAA and HITECH, the Healthcare industry is in high gear to increase security without causing pain to their employees and patients.

That said, attacks are on the rise. According to InformationWeek, “Within healthcare, 46% of all breaches occurred via theft or loss, while insider abuse caused 15% of incidents, and point-of-sale intrusion generated 9% of events, according to the “2014 Data Breach Investigations Report” from Verizon. Compared to other verticals, healthcare had the highest percentage of incidents from theft or loss, the study found, suggesting room for improvement.”

 

So, what type of improvement is needed to keep healthcare data secure?

#1: Acknowledge the harsh realities of the threat.

In his famous piece, The Art of War, Sun Tzu said “Know your enemy and know yourself and you can fight a hundred battles without disaster.” Norton Anti-Virus estimates on average 82,000 pieces of malware are introduced into the world on a daily basis.  With these staggering numbers the odds are in favor of the attacker that one of these business crippling events will expose some portion of critical networks. It’s important for today’s healthcare institutions to address the reality that cybercriminals are savvy, efficient and resourceful. Also, that there are significant vulnerabilities and gaps in today’s healthcare security that need to be addressed.

#2: Understand All of the Risks.

The risks don’t end with data.  Shodan.io, the search engine for the “Internet Of Things,” shows how often continual mistakes are made when deploying new devices.  Healthcare is swarmed with IoT like devices from smartwatches to Radiology devices, each carrying an operating system several vulnerables.

#3: Educate, Educate, Educate.

Education should be a priority at all levels of the healthcare system. While patients and patient-facing healthcare workers should receive training on how to keep sensitive healthcare data safe, technicians and IT teams should receive ongoing and advanced training on how to protect the environment.

#4: Address Volume In the Healthcare Environment With Next-Gen Geo-IP Filtering.

dThe volume of traffic entering the environment speaks to the core of the problem, when it comes to healthcare security.  Therefore, the industry should be looking to reduce volume along with putting other safeguards in place. A Next-generation Geo-Ip layer that eliminates the unwanted traffic before it enters the inspection is the tool by 60-70%. Next-Generation Geo-Ip Filters give visibility where your data is going to or coming from in a blink of an eye. This enables the security team to detect and respond to threats faster and more efficiently, while positioning the organization for less risk.

Unfortunately, there is no silver bullet.  The best approach is be diligent and put many layers between you and those who wish to do you harm.  This starts at the basic level of training end users to providing a clear security environment so you can quickly address the problems that arise.

How can the healthcare industry better protect its patients? Share your thoughts in the comments section below.

{{cta(’36dfb776-476b-450d-bdea-982c80c3dbee’,’justifyright’)}}