Three trends in health care call for extra dose of cybersecurity

Data defenses must keep pace with adoption of new technology in medical sector

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Today, hack­ers and cyber crim­i­nals have set their sights on the health care indus­try. Since the Ponemon Insti­tute began its data secu­ri­ty study five years ago, crim­i­nal attacks in health care are up 125 per­cent and are now the lead­ing cause of data breach­es. The study reports most orga­ni­za­tions are unpre­pared for the threat and lack resources and process­es need­ed to pro­tect patient data.

Ed note_WatchGuard_Ryan OrsiTo help keep patient data secure, here are some top tech trends and secu­ri­ty con­cerns in health care:

No. 1: The Inter­net of Things (IoT)

In the health care indus­try, IoT means the addi­tion of Inter­net con­nec­tiv­i­ty to devices already in mar­ket or new next-gen­er­a­tion Inter­net-enabled prod­ucts. These devices have rev­o­lu­tion­ized the indus­try by increas­ing effi­cien­cy and reduc­ing costs.

How­ev­er, all med­ical devices must be eval­u­at­ed for secu­ri­ty flaws. Since these devices weren’t orig­i­nal­ly net­worked, they may not have enough cyber­se­cu­ri­ty pro­tec­tions. As a result, it is easy for cyber crim­i­nals to use a device to gain back­door access to a health care network.

IoT devices must be patched for vul­ner­a­bil­i­ties just like per­son­al com­put­ers and cor­po­rate servers. Beyond this basic prac­tice, addi­tion­al lay­ers of secu­ri­ty are nec­es­sary to help pro­tect devices and networks.

No. 2: Mobile devices 

The math is sim­ple. More entry points into a net­work increase the chance of a secu­ri­ty breach. There­fore, the employ­ees’ mobile devices can sig­nif­i­cant­ly increase the attack sur­face of a health care organization.

Mobile phones are becom­ing an increas­ing­ly pop­u­lar tar­get for hacks. Not only can hack­ers gain access to per­son­al infor­ma­tion on the phone, but they also can use the phone as a means to launch back­door attacks from the phone onto the user’s con­nect­ed networks.

Relat­ed sto­ry: Mobile pay­ments get eas­i­er, but secu­ri­ty ques­tions remain

Health care orga­ni­za­tions must have BYOD mobile device poli­cies. From allowed and banned apps to accept­able use, these poli­cies will help mit­i­gate risk.

No. 3: Secu­ri­ty trumps convenience 

Many peo­ple enjoy the con­ve­nience of access­ing Pro­tect­ed Health Infor­ma­tion (PHI) from mobile phones and across cloud ser­vices. Although this access is con­ve­nient and the appli­ca­tions feel sim­i­lar to oth­er ser­vices, users must be mind­ful of their secu­ri­ty prac­tices when access­ing PHI.

Using encryp­tion soft­ware and prop­er pri­va­cy pro­to­cols is a small, but impor­tant step toward keep­ing per­son­al data secure.

Con­clu­sion

We can­not allow tech­nol­o­gy adop­tion in health care to out­pace cyber­se­cu­ri­ty defens­es. Tech­nolo­gies will change, and secu­ri­ty researchers, ven­dors and lead­ers need to find a bal­ance between tech­nol­o­gy and security.

Sto­ries on med­ical records security:
Cloud use increas­es data secu­ri­ty risk for health care organizations
Health care sec­tor not doing enough to pro­tect patient data
Health­care, bank­ing com­pa­nies issue eas­i­ly spoofed emails