[BreachExchange] How cybercrime is putting Healthcare Information at risk?
Audrey McNeil
audrey at riskbasedsecurity.com
Wed Jan 18 20:19:07 EST 2017
http://techseen.com/2017/01/18/cybercrime-healthcare-risk/
While they may have been hesitant initially, healthcare organizations have
started to fully embrace cloud technology. In fact, a recent survey by
HIMSS Analytics found that 83% of healthcare organizations are currently
using cloud-based applications. Furthermore, the cloud computing market in
healthcare is expected to grow at a 20.5% compound annual growth rate to
reach $9.48 billion by 2020.
Thanks to increased adoption of healthcare technology, consumers are able
to use mobile devices to access their medical information, monitor their
vital signs and even take laboratory tests at home. Doctors are able to
remotely monitor crucial metrics such as blood pressure readings or heart
rates and use hand-held computers to record real-time patient data and
instantly upload it to existing medical files.
Cloud-based technology has undoubtedly improved the efficiency and efficacy
of the healthcare industry, however it’s also had an unfortunate, adverse
effect: It’s made healthcare organizations and consumers more vulnerable to
cybercrime.
The sheer volume of cloud-based applications and services being used by
healthcare organizations has introduced significant cybersecurity risks,
and often, healthcare professionals and their patients aren’t educated on
how to use cloud technology safely. Many healthcare professionals and
consumers continue to use insecure, personal computing devices to access
confidential healthcare data and some applications and services don’t
adhere to industry compliance and security requirements like HIPPA or
HITECH, making them easy entry points for malicious hackers.
According to the Office of Civil Rights, the top ten data healthcare
breaches from 2015 alone resulted in over 111 million patient records being
compromised. Just this week, hackers infiltrated the World Anti-Doping
Agency’s athlete database to expose private medical information concerning
Serena Williams, Venus Williams and Simone Biles, and according to IDC’s
Health Insights group, 1 in 3 healthcare recipients will be the victim of a
healthcare data breach this year.
Today’s healthcare organizations are failing in the battle against
cybercrime primarily because their IT teams are using an outdated arsenal
of tools. They’re relying on legacy platforms that use technology dependent
upon signatures, and while these platforms may be good at blocking basic
malware that’s known and documented, they stand little chance against
today’s sophisticated, dynamic cyber attacks that occur across multiple
vectors and stages.
Given their unique access to confidential patient data, healthcare
organizations and their IT teams must take extra precaution not only in
protecting healthcare information, but also in crafting data security
compliance practices. To prevent data breaches from continually occurring,
healthcare IT teams need to implement technology and cybersecurity
procedures that can address the following key vulnerabilities:
● User Credentials: Often, hackers will steal credentials to compromise
healthcare user accounts for financial gain. Look for technology that can
prevent unauthorized access to patients’ healthcare information by
identifying anomalies that indicate someone might not be who they claim to
be online. By understanding patient and physician login attempts from
suspicious devices and locations, healthcare IT teams can better detect
compromised accounts across multiple dimensions.
● Payment Data: Many healthcare providers keep payment information on file,
which presents hackers with an opportunity to steal payment credentials and
access (or even bill) for healthcare worth hundreds of thousands of
dollars. Leverage solutions that use a layered, cross-channel approach to
payment fraud protection and offer real-time analytics that scrutinize
every transaction and can pinpoint malicious devices and IP addresses.
● Remote Access: One of the greatest benefits of cloud-based technology is
that it’s enabled healthcare professionals to access medical records and
insurance data on the go. However the user accounts that make this process
possible are popular targets for hackers, as they can provide access to
confidential healthcare information, medical records, and payment data.
Administer tools that can continually profile remote access devices and
incorporate user identities and behaviors to identify any login behavior
anomalies and/or malware threats.
While the benefits of technology for both healthcare professionals and
their patients are undeniable, the security of cloud-based healthcare
information needs to be prioritized first and foremost. Healthcare IT teams
should leverage compliant technology that can ensure anyone connecting to
online medical portals are who they claim to be, and they should implement
tools that can trigger alerts before hackers can log into online medical
portals. In doing so, healthcare organizations and consumers can rest
assured that their valuable healthcare data will be accessed only by those
who are authorized to use it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170118/a71e2e11/attachment.html>
More information about the BreachExchange
mailing list