Healthcare data is an especially attractive target for cybercriminals. Information that can be readily changed, such as a credit card number, is not as valuable as data such as Social Security numbers, birthdates, current and past addresses or next of kin, which are often found in medical records. Because this data is permanent, it can be exploited over a long period of time for crimes such as identity theft.
This makes cybersecurity a particularly challenging issue for many healthcare organizations. In fact, the 2018 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey found that 76 percent of healthcare organizations had experienced a “significant security incident” over the previous 12 months. And the ECRI Institute ranked ransomware and other cybersecurity threats as Number 1 on its “Top 10 Health Technology Hazards for 2018.” In that report, ECRI further noted that cyberattacks can not only cause financial damage but also “significantly impact care delivery by rendering health IT systems unusable, by preventing access to patient data and records, and by affecting the functionality of networked medical devices.”
For the healthcare industry, cybersecurity is becoming a more serious concern. To protect healthcare data, hospitals and other medical care providers should take several steps that can improve security. These steps comprise a multilayered approach that is essential to effectively deploy security solutions and services.
Start with the Cybersecurity Basics
For advanced cybersecurity tools to be worth the investment, organizations must first focus on basic blocking and tackling steps to protect data. A healthcare cybersecurity strategy must include such efforts as patch management, password protection and access management. As they begin discussions about security, organizations should assess the tools and tactics they use, such as firewalls, web and email security, and authentication controls, as well as password policies. Unless they have established a solid foundation with these basic measures, healthcare organizations will find it difficult to advance their security efforts further.
Tap Network Segmentation to Prevent Unauthorized Access
Keeping sensitive patient data separate from the rest of the organization’s network can help safeguard this data from attackers. Organizations can achieve this network segmentation by deploying firewalls, routers and virtual LANs to restrict access to specific areas of their networks. Even if a cybercriminal can gain access to the organization’s network, these areas remain off-limits.
Segmenting networks also prevents unauthorized access by users who have legitimate access to other systems. For example, an organization may segment data for financial and human resources applications on one area of a network while moving patient data to a separate system, enabling access only by medical personnel.
Update Existing Security Tools and Processes
Cybercriminals are constantly adapting to security measures and finding new ways to attack. Organizations must keep pace in this cybersecurity arms race, or they risk finding themselves victimized. Simply installing security tools is insufficient; these solutions must be maintained and updated over time to ensure they remain effective. For example, a hospital that installs an endpoint security tool but fails to update it will likely find that it is ineffective at detecting and stopping more advanced attacks over time.
Similarly, hospitals should regularly update their security processes. Advanced attacks require IT personnel to respond quickly and effectively. Older processes are less likely to be ready to address new threats.
These steps are important for healthcare organizations that want to protect patient data, but they are just the start. Hospitals and other medical providers should also take steps to integrate their security systems and to train users to identify threats. One piece of good news: An effective security environment can even help to enhance productivity.
This blog post brought to you by: