The healthcare industry’s digital transformation calls for shifting the burden of care from the system to the patient. Technology is helping to lead this charge, as evidenced by the growing number of patients who are now able to track their own health information as well as generate data that previously was unavailable to physicians and other care providers. With the 2nd Annual Healthcare Cyber Security Summit this month – and the attack vectors targeting the industry having changed over the past couple years – it’s a good time to revisit the topic.
Mobile devices, EMRs, HIEs, cloud computing, telemedicine and other technologies are now common to healthcare settings, incrementally delivering on their promise to stretch resources and lower costs. But along with these new capabilities come new threats to patient data and the organizations responsible for managing it. Such threats are reflected through the rise of HIPAA data breaches from 2012-2013, as well as in the increase of state- and corporate-sponsored cyber attacks targeting medical device makers in 2014. As a recent webinar presented by NaviSite pointed out: the emerging Internet of Things (IoT) also raises the stakes for healthcare organizations, as reflected by Europol’s recent warning about IoT and the FDA’s determination that some 300 medical devices are vulnerable to attack.
In April, the FBI issued a sobering notification to healthcare organizations stating that the industry is “…not technically prepared to combat against cyber criminals, basic cyber intrusion tactics, techniques and procedures…” Nor is it ready for some of the more advanced persistent threats facing the industry.
It doesn’t help that medical records are considered up to 50 times more valuable on the black market than credit card records.
Whether through HIPAA data breaches, malware, phishing emails, sponsored cyber-attacks, or threats surrounding the evolving Internet of Things, the emerging threats in healthcare cannot go unaddressed. Security experts say cyber criminals increasingly are targeting the industry because many healthcare organizations still rely on outdated computer systems lacking the latest security features.
With so many mobile and internet-connected devices located in healthcare settings, determining how to secure them should be a top priority. That means developing and implementing strategies that make anti-virus, encryption, file integrity and data management a top priority.
Security experts report that, ultimately, data correlation is the key. What is important for healthcare organizations is having a system in place that empowers threat identification, classification, system analysis, and a manual review process that offsets human error, enabling 100 percent certainty regarding potential incidents.
With this in mind, how is your organization safeguarding against cyber threats? Do you rely on an in-house cybersecurity team, or has your organization partnered with a managed security service provider for this type of service?