Healthcare providers need to take advantage of opportunities in security to relieve concerns and ensure the utmost protection for patients.
Cyber-attacks are expected to increase; it’s inevitable. As technology evolves, and more information is recorded, online data only becomes a bigger target. According to a survey of 400 global C-suite executives by the management consulting firm A.T. Kearney, 85 percent believe cyberattacks will become more frequent and costly. We’ve already seen this happen with breaches like the massive cyberattack in over 100 countries in May 2017, along with other smaller breaches throughout the past year. This survey also notes that the top operational challenge C-suites face is cyber security (43 percent). If cyberattacks are expected to remain persistent, cyber security solutions need to be a main focus of businesses around the world.
Healthcare Industry and Cyber Security
The healthcare industry is particularly vulnerable to such threats. Because they store large amounts of valuable personal information on thousands of patients, healthcare providers have a large target on their backs. This information is often only secured by weak, out-of-date software. Many healthcare employees also have, or can obtain, access to this sensitive data. Human error is a major risk, and this information can be leaked either accidentally or intentionally. Because healthcare providers are such easy targets, hackers have a quicker return on investment. All of these risks make healthcare cyber security extremely important.
Of the 43 percent of C-suites that agree cyber security is their top challenge, their top two concerns are weak defense systems and recruiting and retaining qualified IT talent. Both of these areas have recently led to serious security issues in the healthcare sector. Let’s first consider the Bupa breach reported this summer.
Bupa Healthcare Data Breach
This data breach occurred when an employee leaked personal information on 547,000 customers including names, birthdates, nationalities, and some contact information. Although no financial data or medical information was released, the worry is that cybercriminals will use the stolen information to trick customers into releasing more data. Although this is not a cyberattack or external data breach, it is still a relevant concern regarding cyber security. David Kennerley, director of threat research for Webroot, said, “The data breach really highlights the fact that employees can still be an organization’s weakest link with regards to security.” A disgruntled employee’s actions can lead to immense losses in customers, brand, and stock price.
Other Healthcare Cyberattacks
Such internal breaches are not limited to Bupa. The Detroit Medical Center recently announced a breach of protected health information (PHI) affecting 1,529 patients. Like Bupa, one of DMC’s employees stole and released private information. A slightly different situation occurred at University of California Davis Health in May. Despite supposed email security measures and annual cyber security training for employees, a UC Davis employee responded to a phishing email with their email account login information. The hacker then used the login information to access the account. With this account, the cybercriminal could access the employee’s emails and both view and take patient PHI. They also used the employee email account to message other staff members asking for large bank transfers. These emails were reported and the account was shut down, but the damage may already have been done.
Cyber Security Concerns
All three of these incidents in healthcare organizations connect back to, and expand on, the C-suites’ primary concerns with cyber security. An important part of cyber security is monitoring who has access to what data. According to Michael McKinnon, security expert at Sense of Security, “Any data anyone has access to in the business needs to be the very least amount they need to do their job. If you start to give more privilege than needed, that’s where you open yourself up to potential exposure.” Employees should only have access to the necessary data for their job, and proper defense systems need to be in place so that, should they try to access further information, they are blocked. Furthermore, security programs need to protect the internal network from phishing emails, as these are an easy way into the company’s database.
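The least-privilege rule described above can be checked and enforced in code. The following is an added example, not part of the original article: it audits grants for access beyond what a role needs and applies a deny-by-default gate that logs blocked requests. All role names, field names, users and records are hypothetical and constructed for illustration.

```python
# Hypothetical mapping: role -> minimum record fields needed to do the job.
ROLE_NEEDS = {
    "billing_clerk": {"name", "insurance_id", "invoice_total"},
    "nurse": {"name", "birthdate", "medications", "allergies"},
    "receptionist": {"name", "contact"},
}

# Constructed grants, as they might appear in a directory export: user -> (role, fields).
GRANTS = {
    "alice": ("billing_clerk", {"name", "insurance_id", "invoice_total", "diagnosis"}),
    "bob": ("nurse", {"name", "birthdate", "medications", "allergies"}),
    "carol": ("receptionist", {"name", "contact", "birthdate", "nationality"}),
}

# Constructed sample patient record.
SAMPLE_RECORD = {
    "name": "Pat Example", "contact": "pat@example.test",
    "birthdate": "1980-01-01", "nationality": "XX", "diagnosis": "n/a",
}

def excess_privileges(grants, role_needs):
    """Return {user: sorted fields granted beyond what the user's role needs}."""
    report = {}
    for user, (role, granted) in grants.items():
        extra = granted - role_needs.get(role, set())
        if extra:
            report[user] = sorted(extra)
    return report

class RecordGate:
    """Deny-by-default gate: releases only fields the role needs, logs each denial."""

    def __init__(self, role_needs):
        self.role_needs = role_needs
        self.audit_log = []

    def read(self, user, role, record, requested):
        allowed = self.role_needs.get(role, set())  # unknown role gets nothing
        denied = sorted(set(requested) - allowed)
        if denied:
            # Blocked attempts are recorded so they can be reviewed later.
            self.audit_log.append({"user": user, "role": role, "denied": denied})
        return {f: record[f] for f in requested if f in allowed and f in record}

if __name__ == "__main__":
    print(excess_privileges(GRANTS, ROLE_NEEDS))
    gate = RecordGate(ROLE_NEEDS)
    print(gate.read("carol", "receptionist", SAMPLE_RECORD, ["name", "birthdate"]))
    print(gate.audit_log)
```

The audit function finds standing over-provisioning, while the gate handles the runtime case the paragraph describes: a request for data outside the role is blocked and leaves a log entry.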
When handling sensitive information, companies need to be confident in their security measures to defend against breaches. One way to protect the system from phishing emails and other attacks is through hardened platforms. The purpose of a hardened platform is to eliminate vulnerabilities. A system is more vulnerable when it performs more functions, so hardened systems increase security by serving a single function. For healthcare organizations, the most useful function may be a hardened file transfer solution to protect information as it is moved within the company. Internally minimizing possible attack methods through changing default passwords, eliminating old software, and disabling unnecessary software can allow the hardened platform to be exposed to the public without any additional security. Many programs expose a “back-door” entry to the system, so these must be removed in system hardening.
C-suites believe their greatest opportunities for growth are in adopting new technology (38 percent) and improving their business models and strategy (36 percent). Healthcare providers should integrate these two opportunities to target problem areas, such as internal security and cyber security education, to take preemptive measures to defend against both internal and external security breaches. Implementation of new technology should include a focus on mitigating risk on a hardened platform with methods like multi-factor authentication, improved security platforms, and regular software updates to develop a solid cyber security program.
Seventy-eight percent of C-suite executives agree that technological innovation, including artificial intelligence, distributed computing, and biotechnology, will improve global productivity. However, it is important to note that as the productivity potential of artificial intelligence grows, so does the potential for AI cyber threats. It is critical that companies stay knowledgeable on the most recent AI cyber security programs in order to stay ahead of the game.
Healthcare providers should always make cyber security their number one priority. When data is secure, patients are protected. This data from the survey on C-suite executives is valuable to the healthcare industry as they focus on building efficient cyber security programs. Healthcare providers need to be constantly aware of their potential vulnerabilities in the context of cyber security and develop a variety of solutions to remain protected against attacks.
Check out a summary of the data from the survey in the infographic below.