According to the Verizon 2018 Data Breach Investigation report, the healthcare industry is on the list for most exposed and exploited data. Halfway through 2018, the healthcare industry continues to struggle on securing and maintaining data security.
Security in this industry is very important, because the amount of valuable data – social security numbers, contact information and medical records – are highly desirable to malicious actors. There’s a hefty profit for it on the darknet.
To find solutions to these security challenges, we reached out to healthcare cyber security experts to provide typical healthcare challenges and solutions.
Meet our Panel of Cyber Security Experts:
|Dr. Axel Schumacher|
Scott Orchard is the Senior Web Developer at Healthcare Success in Irvine, CA, a leading marketing agency dedicated to helping hospitals and practices achieve their goals and get more patients.
Healthcare Security Challenge: One major security issue in the healthcare industry has to do with HIPAA compliance and preventing Protected Health information (PHI) from being accessible on websites. Patients want to easily submit information digitally, while hospitals and practices want to gather as much information electronically (from intake forms and contact forms) as possible, integrating this information into their EHR (Electronic Health Record)/EMR (Electronic Medical Record) systems.
Healthcare Security Solution: One possible integrated solution includes using a third-party service like IntakeQ along with the EHR/EMR to securely accept intake forms, or utilize the redundancy of paper and keep contact form submissions separate from intake processes.
Chris Sullivan is the global healthcare practice lead at Zebra Technologies. Chris helps shape the healthcare and IoT industry. He has an acute understanding of the needs of patients and their caregivers, coupled with robust technology knowledge of healthcare operations..
Healthcare Security Challenge: One important security challenge in the healthcare industry are operating systems’ software updates. There can be unsolvable problems. When you have a software system upgrade, it opens up doors to new environments for data security breaches and malware software attacks.
Healthcare Security Solution: Central location. It will allow the hospital IT department to automatically prevent unauthorized operating systems from occurring. Hospitals need enterprise operating system management to allow for minimizing the risk of threats.
Hospital administration management should be done enterprise-wide in a controlled environment. It’s critical that security is intact during the life of the product – not just when security is offered from the product’s administrator.
Ofer Israeli is the founder and CEO of Illusive Networks. Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing Illusive Networks, Ofer managed development teams based around the globe at Israel’s seminal cyber security company Check Point Software Technologies and was a research assistant in the Atom Chip Lab focusing on theoretical Quantum Mechanics. Ofer holds B.Sc. degrees in Computer Science and Physics from Ben-Gurion University of the Negev.
Healthcare Security Challenge: Advanced attackers generally spend weeks moving laterally across the network in search of the data jackpot and it’s often too late once they find it. What can healthcare organisations do to better protect PII?
Healthcare Security Solution: Often the focus involves protecting the data itself through methods such as encryption. A holistic approach to protecting personally identifiable information (PII) should be undertaken, involving people, processes and technology, alongside enhanced security. Organizations also need to incorporate fresh, proactive measures to surface attackers with speed and precision. For example, deception technology provides the next level of defense if the attacker makes it past perimeter controls, whilst bolstering the monitoring of networks to ensure mitigation of attacks at the earliest stage of their life cycle.
DR. AXEL SCHUMACHER
Dr. Axel Schumacher who has over 20 years’ experience in the field of genetics; and is the CEO and co-founder of blockchain-enabled genomic data-hub startup Shivom. Shivom’s platform aims to be the largest genome & healthcare data-hub on the planet, allowing the world’s population to have their genome sequenced and securely stored with the help of blockchain technology.
Healthcare Security Challenge: DIY genetics testing entered the mainstream last year, and its projected to grow rapidly, with as many as 2 billion genomes expected to be sequenced by 2025. DNA self testing kits are available for as little as $79, from companies like 23andMe and Ancestry.com however the privacy policies are far from clear and consumer protection experts have advised that you ought to assume that when it comes to DNA tests, you are signing your life away.
Healthcare Security Solution: Blockchain technology. When decentralised self-sovereign identity solutions are available, having your personal data stored in a centralised company database serves as a beacon for hackers to attack. Further as the owner of your valuable DNA data, through blockchain technology you can choose who and when to share your data.
Founded by the former CIO of a Louisiana based Behavioral Health 501(c)3, we know the ins and outs of the healthcare industry. More importantly, we know the key IT issues that can detract from your mission. With a focus on Secure, Compliant, and user friendly solutions, Dunwich Technologies strives to be your technological solution.
Healthcare Security Challenge: One of the most important data security challenges for healthcare is the continuing reluctance to move to cloud based infrastructure solutions. Many of the most serious HIPAA Violations and subsequent fines are related to the loss and theft IT equipment while in possession of staff or in an office.
Healthcare Security Solution: A major mitigation to this risk comes with the utilization of cloud-based desktop virtualization and DaaS (Desktop as a Service) solutions. By never storing data on local devices, actions taken by individuals, both malicious and not, can’t breach the Privacy that is expected with Protected Health Information. Even if a device is lost or stolen, data is protected.
Annabel Maw is a Marketing Communications Specialist at JotForm, a popular, easy-to-use online form building tool based in San Francisco.
Healthcare Security Challenge: An important security challenge in the healthcare industry is effectively protecting patient information and data.
Healthcare Security Solution: In today’s world, most patient data is documented and stored on paper forms. The thing is, paper forms are overused, overrated, and they don’t actually safeguard private information. A solution for this is to make the shift to HIPAA-compliant online forms. With HIPPA-compliant online forms, healthcare providers can collect patient data easily and be sure that the information is safe and most importantly, secure.
Art Salazar is Director of Data Centers & Compliance at Green House Data, a national provider of HIPAA compliant IT hosting and services.
Healthcare Security Challenge: The majority of reported HIPAA breaches come from compromised devices, which are often lost or stolen.
Healthcare Security Solution: Data should therefore be secured remotely, by using a combination of central repository, as opposed to local storage on the user device, and mobile device management and/or remote desktop tools. Ultimately patient health information should not reside on local devices if at all avoidable.
Leon Lerman is co-founder and CEO of healthcare cyber security provider Cynerio. Leon brings over a decade of experience in cyber security enterprise sales, channel sales and business development to establish Cynerio as a leading vendor in the healthcare cyber security space. Prior to Cynerio, Leon was director of sales at Metapacket, where he led the go to market strategy & execution. Prior to that, Leon held sales & sales engineering positions at RSA Security, helping the largest enterprises in the region to solve their security problems. Leon served as an expert intelligence officer at 8200 in the IDF. Leon holds a B.Sc in industrial engineering and management from the open university of Israel where he graduated with distinction.
Healthcare Security Challenge: Healthcare organizations need to be aware that connected medical devices are probably the most vulnerable entities on a hospital’s network, as they were not built with security in mind and it’s extremely challenging to regularly keep them up to date.
Health providers cannot rely on device manufacturers to protect their patients’ data and safety.
Healthcare Security Solution: Providers first need to make sure they have complete visibility to the medical device ecosystem, understanding the right medical context of the communications and the associated risk. This will enable them to better understand the risks on their clinical environment and will enable them to take proactive actions to ensure their patient safety and data protection. Click below to learn more about Teramind.