Cybersecurity in Healthcare
It’s no secret that as technology innovates, it is adopted by different sectors of industry and adapted to best meet its needs. Updated technology comes its own set of risks, though, so hearing of the several cybersecurity breaches that have occurred in the medical field recently is less than surprising.
No one wants to have their privacy compromised. Having your medical information leaked is no exception. Think of all the information you fill out on a medical form. Here is a sample form in case you need your memory jogged:
This one document alone has PLENTY of information to do a solid amount of damage. Now think that many facilities require more than one form with more information asked for on those pages. With all of that information scanned and saved into online databases, one simple hack exposes all of this information. What can even make this worse for some is the thought that this breach occurred as the result of someone else’s mistake. There is virtually no reason why you would want your cybersecurity compromised. However, if it happens as a result of you failing to check that the website was safe or something along those lines, one could at least act as an adult and admit their fault in the event. In this scenario, you did nothing wrong. You filled out the paperwork under the trust that this facility prioritized your well-being–medically and otherwise–and they failed to uphold their end of the bargain.
There are so many new technologies being introduced to the medical field. Smart devices, cloud usage, personal health devices: these all require training on how to document and secure collected data. One minor slip-up is all a hacker needs to access this precious information. With constant changing and innovation, though, it is difficult to reach every person, especially in large medical facilities like hospitals.
What these facilities need is a strong and updated cybersecurity plan and protocol. By setting clear, detailed standards for how data is to be collected, stored, and shared is crucial in ensuring the safety of all patients and their information. This plan also needs to be reviewed and updated annual at a minimum. The frequency of technology shifts, updates, and advancements today requires this minimum to increase your likeliness of preventing a data breach.
Our friends at Fortinet sponsored a white page entitled “Perspectives on Cybersecurity in Healthcare” last June, and it’s got some great tidbits of information for how to approach your facility’s cybersecurity. In this document, their recommendations are as follows:
A strong cyber defense strategy should address how to prepare and monitor attacks, respond and ultimately recover from breaches. At a minimum, security architecture should be able to stall adversarial efforts, thwart attacks at each phase and facilitate a rapid response. Today, there are several cybersecurity frameworks that organizations may use as guidelines – such as ISO, COBIT and NIST – to develop security architecture. By overlaying these with counter-responses to the tactics, techniques and procedures that a threat adversary may employ, Chief Security Officers can develop a robust defensive infrastructure. Many of these defensive strategies can be broadly characterized into the following three classifications:
1. Mitigate threats before they enter a network by having the basic controls in place -such as ensuring that operating systems and anti-malware, web filtering and antivirus software on servers and endpoints are updated and patched to reduce the risk of vulnerabilities and infections. At a primary level, preventive measures can be employed by implementing layers of firewall technology to stop known attacks. At a secondary level, the potential damage of a breach can be mitigated through automated alerts and notifications that quickly activate appropriate response measures according to security protocols. By training employees and building a culture of cybersecurity from the C-suite down to the trenches, many breaches can be prevented upstream through user awareness of potentially malicious links, emails, websites, advertisements and files.
2. Discover threats that have entered or tried to enter systems. No organization can prevent every cyberattack, but it is important to build a response system that can alert your security staff, rapidly identify a breach and its scope, and notify other enforcement points so that a breach can be contained without extensive collateral damage. Depending on the adversary, an organization may be better served by disrupting and throttling an attack rather than responding with a knee-jerk reaction that tips off an adversary to engage in additional attacks.
3. Respond to any threats that have breached the network. In addition to deploying sandbox appliances which can test and detect novel threats, it may be recommended for some organizations to deploy internal network firewalls and mitigate an attack once a network has already been breached. Depending on the extent to which data is stored on internal or external servers, organizations may need to develop coordinated responses to a breach with other entities.
Cybersecurity is not limited to online shopping and social networking profiles. It is the responsibility of all to verify that all data is kept secure. If you’re looking to improve your organization’s cybersecurity, Heart Technologies may have the right solution for you. Give us a call at 877.494.3278 today to set up a consultation.