Healthcare Data Is Most Vulnerable To Cyber Attacks

by CXOtoday News Desk    Jun 09, 2016

Image Courtesy Recent high-profile attacks globally on healthcare organizations ranging from large hospitals to major insurance providers have highlighted the need for security that goes far beyond merely compliance with relevant regulations. Unfortunately, too many healthcare organizations have chronically under-invested in IT security measures to protect critical systems and data, leaving them far more vulnerable than their peers in other industries such as financial service where security has been a top business and regulatory priority for years. 

According to an IDC report released in 2015, 50 percent of healthcare organizations have experienced 1 to 5 cyber-attacks in the past 12 months. Patient health records have much higher value on the black market than credit cards and other financial data, making health providers a prime target for cybercriminals. Kansas Heart Hospital in Wichita was recently hit with the ransomware attack. Another healthcare entity, Hollywood Presbyterian Medical Center reportedly paid hackers a ransom of 40 Bitcoins, approximately $17,000 to decrypt their encrypted data.

“When it comes to security, healthcare is in the middle of a perfect storm. On the one hand, access to data distributed across devices and locations is paramount – diverse providers and connected organizations need that data to flow freely in order to do their jobs. While on the other hand, securing sensitive patient records has never been more important or difficult, since electronic protected health information (ePHI) is extremely valuable to hackers and scammers – 10 times more valuable than credit card data,” said Rajesh Maurya, Regional Director, SAARC at Fortinet.

Also Read: Healthcare Sees 340% More Security Attacks Than Others

The healthcare providers need adopt end-to-end security measures that allow them to embrace new technologies and ways of working while also protecting their most valuable asset-information. Fortinet has advocated holistic security approaches that could ensure security across diverse IT environments. Fortinet has also suggested holistic security approaches for healthcare institutes that include:

1. Main hospital and data centre

The central data storage facility should be fortified with hardened data protection to ensure the safety and usefulness of patient data. Enhance control and visibility of network traffic for centralized staff and providers so that the most important hubs of care can operate at their full capability.

2. Next-generation firewall management

CIOs need to protect distributed multiple healthcare locations by deploying a security infrastructure which can provide coherent management of fragmented networks and data streams, complete with logging, analysis, and reporting functionalities. With such advance infrastructure, a complex data picture is simplified, visibility is enhanced, and all of its moving parts are protected.

3. Distributed medical offices and home workers

Ensure security across distinct offices and home locations with flexible security practices and technologies. 

4. BYOD mobile users

The unique challenge of embracing BYOD is that it invites an essentially infinite range of device types, user habits, and locales into the IT environment. These devices may connect to the network from either outside the main firewall or from within the network perimeters, requires technologies that allow for rapid scaling, policy enforcement, and simplification.

5. Advanced threat protection

Reducing the available attack surface of a healthcare organisation can prevent many attackers from obtaining information. Ensure that advanced threat protection tools cover user authentication, VPN, SSL inspection, application controls, antivirus, and other factors. CIOs need sandboxing technology that can expose previously unknown malicious threats and examine them within a secured environment, hence provide the intelligence and protection necessary to secure the healthcare environment from escalating cyber threats.