[BreachExchange] Put Health Data on Lockdown: How Hospitals Can Keep Patient Information Secure
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Dec 26 19:52:38 EST 2017
https://iotbusinessnews.com/2017/12/22/28511-put-health-
data-lockdown-hospitals-can-keep-patient-information-secure/
As we approach 2018, there are more things now than ever that are putting
patients’ lives at risk. Not only are people distracted by their devices
and causing injury to themselves and others, but the devices themselves can
cause harm to an entire hospital. Cybercriminals are setting their sights
on the medical field, stealing patient data in hopes of a large ransom
payout. As a result, user confidence in the privacy of wearable, IoT
devices remains low—especially potential consumers of the age-in-place
market.
Without access to patients’ records, doctors and nurses can prescribe
incorrect medications or perform procedures that can result in deadly
consequences. That being said, there’s little medical professionals can do
since there aren’t many rules and regulations related to handling
situations like these. Although many smart home devices related to optimal
health target the age-in-place market, IoT web developers need to keep an
eye on data privacy and information security measures in order to be
successful with baby boomers and older consumers, who tend to be suspicious
of devices with GPS tracking and constant connectedness.
Does that mean hospitals are now forever doomed to be the personal
piggybank of hackers everywhere? Hardly. As the healthcare profession
utilizes the benefits of becoming more technologically advanced, there are
things that can be done to keep patient data safe from potential data
breaches.
It Starts with Employees
All it takes is one person to unintentionally allow hackers to access
patient data. By holding security workshops and training sessions on HIPAA
violations and password advice, it’ll make patient data that much safer.
Even with training, it’s important to limit the number of people who can
access patient information to only the employees who need to access it.
When restricting viewing privileges, authentication procedures should be
put in place to increase data security. There more steps a person needs to
take to validate their identity, the better.
Also, since employees will have probably have one or more personal devices
on them, it’s best to institute a mobile device policy. Since hackers can
gain access to important medical records through IoT such as mobile phones,
it’s best to have rules and regulations on what can be downloaded and used
on these devices.
Responsible Data Usage
Effective data management is paramount in this age of technology. There are
many tools that can be used to further protect health data. By
incorporating data controls, certain actions can be prevented from
happening in the first place. Data sets can also be classified with
different kinds of blocks depending on each set’s protection needs.
Having a login tracking tool is useful to see who is accessing information
on which device, what location, and what date and time. This information
becomes crucial if a hospital happens to suffer from a data breach in being
able to pinpoint how it happened and what can be done to prevent
cyberattacks in the future.
Although having a malicious stranger be in possession of important patient
information isn’t good in anyone’s book, hospitals can negate some of the
complications involved by having off-site data backups. Data can be
protected even more by encrypting it so that if hackers were able to get
their hands on it, they wouldn’t be able to make heads or tails of it,
rendering it useless to them.
It’s even suggested to store physical medical records off-site as an extra
safety precaution. However, hospitals should be wary of using cloud data
services as their backup since fourth amendment rights can be removed. Once
patient information is no longer needed, it is then suggested to regularly
delete unnecessary data.
Make Network Security a Priority
Many hackers can find their way in through a shoddy network, which is why
it’s important for healthcare professionals to make theirs as secure as
possible. Having up-to-date firewalls and the latest antivirus software are
must haves, but having safeguards in case of a breach is just as crucial.
This includes using multiple networks so that if one gets compromised, a
cybercriminal will not have access to all information.
With the use of wireless networks becoming more widespread, it’s integral
that certain security steps are taken since these kinds of networks are
more susceptible to cyberattacks. The first thing that needs to be done is
to make sure the router that is being used is not outdated with security
measures that cannot protect against advanced hacking methods.
Additionally, networks shouldn’t be made available to other devices, and
passwords should be changed on a regular basis.
When it comes to IoT usage in hospital settings, it’s best that they have
their own network altogether. IoT devices are usually much easier for
cybercriminals to hack, giving them a way to access valuable patient data.
Prevent this by regularly monitoring the IoT network for any unusual
activity, using authentication processes, and keeping up with each devices’
software updates. Also, we should keep track of policies and legislation
advocating an IoT security standard, as was recently advocated on IoT
Business News.
Although it may feel like there’s nothing hospitals can do when facing the
possible threat of a data breach, the healthcare profession is not without
defense against the onslaught of criminal cyber activity. By educating
employees, monitoring data usage, and securing networks, medical
professionals can focus more on taking care of patients instead of taking
care of cyberattacks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171226/6f69d5a2/attachment.html>
More information about the BreachExchange
mailing list