This year celebrates the 10th anniversary of National Health IT week. Health IT serves to improve the quality of healthcare delivery, decrease medical errors, improve patient safety, and improve patient outcomes. The industry has seen massive advances in networked medical devices and electronic health records over the past few years.
Unfortunately, as noted by a recent CSO Online article, because personal health data holds literal life or death information for patients as well as the private records of physicians, it becomes a major target for attackers to leverage. The article goes on to show that the health industry is subject to 340% more security incidents when compared with other sectors, such as manufacturing, technology, or even law.
The threats that used to face healthcare organizations varied from theft to employees losing data. As the years have progressed alongside the dawning of the Internet of Things, so has the threat landscape. Data breaches are now direct, targeted assaults like phishing, social engineering, and web/database attacks. Healthcare companies are actually four times more likely to encounter malware attacks; healthcare is also 74% more likely to receive phishing emails than any other industry.
If an attacker manages to get a foothold into a healthcare organization, where there are electronic devices recording patient information and transmitting it, not only is patent information at risk, but also all the critical care devices running on the same unsecure network are at risk.
These attacks have become increasingly prevalent because healthcare organizations are in the process of moving all of their data to electronic health records, and then that data is shared with healthcare providers, clinics, insurance companies, and other industry participants. Hackers now have a broader attack surface for the healthcare industry, and because the surface has increased so quickly, it also means that healthcare is not as battle-hardened as those in other industries.
To prevent data breaches, enterprises should take security measures very seriously.Public Key Infrastructure (PKI) is a proven method for securing networked medical devices. Digital Certificates encrypt communications, preventing potential hackers from intercepting. PKI also provides the key components of authentication for users, systems, and devices.
In addition to data encryption, it is essential to have security policies and training in place to enforce employee accountability. A focus on strong policy and proper training develops continuous awareness within an enterprise.
With healthcare IT facing attacks on all fronts, it is imperative that businesses keep in touch with the latest cybersecurity best practices as well as maintain a diligent awareness of all possible data breaches. Solid security processes will keep patient safety and healthcare delivery a priority.