Search

A cybersecurity CEO offers advice on tactics healthcare CISOs and CIOs should use to protect sensitive telehealth data, and how providers can adopt a proactive security stance specific to virtual care.

To improve healthcare cybersecurity, an organization can shore up Internet-enabled device misconfigurations by starting with CIS Benchmarks, before moving on to industry-specific standards, Fortra’s Tyler Reguly said.

Deploying a HIPAA-compliant approach to endpoint devices was part of the Alliance Clinical Network's larger IT strategy, explains Michael Trzcinski, its vice president of IT, cybersecurity and facility operations, ahead of his presentation.

A healthcare infosec expert talks why CISOs and CIOs should prioritize unified endpoint management, what a UEM strategy looks like and much more.

The Healthcare Cybersecurity Act of 2022 introduces a CISA-directed collaboration with HHS to tighten healthcare cybersecurity with industry analysis and workforce training.

A CISO talks with Healthcare IT News about boards' changing views of security, how hospitals are adapting to ransomware strikes and how infosec professionals' priorities are shifting along with the threat landscape.

In feature No. 7 of our lessons learned series, a CIO, a CMIO and two IT directors offer readers what they've discovered since the pandemic response has reshaped health system priorities.

Remote patient monitoring linked to the EHR helps researchers reveal important discoveries about the differences in recovery between women of both races.

Cryptographic technology addresses the security problems that blockchain doesn’t, according to Cryptoloc Technology Founder Jamie Wilson. “Everyone is looking at blockchain, but there are a whole lot of flaws with this technology. Even with a private blockchain, you’re enabling a cyberattacker to take control of your entire system. Blockchain also involves the use of an open ledger, which allows an attacker to track back and access your entire medical history,” he told HITNA. “With cryptographic technology, no one else has access to the information except for the user themselves. There’s also a full audit trail where everything is date and time stamped, so you’ll know who has accessed the file and where they have accessed it from.” Wilson said security by design – taking a proactive instead of reactive approach to data security by building security into infrastructures from the ground up – is the best approach. “Cryptographic technology allows just that. By encrypting each and every file uniquely, no two files are the same. And malware and ransomware gets reduced as should a user gets attacked, you can identify that they’re being held to ransom.” Wilson identified that heightened levels of connectivity in Australia’s national healthcare system have also created additional points of exposure for cyberattacks, highlighting the need for new ways to secure these systems “The ideals behind having a national health system to share and control medical records between doctors, specialists and patients is sound and could vastly improve the quality of healthcare in Australia,” he said. “Unfortunately, storing and sharing such a wealth of personal data provides many security vulnerabilities and is a lucrative target for cyber criminals.” With the national healthcare system suffering many compromises – the number of data breaches involving My Health Record has risen from 35 incidents in the last financial year to 42 incidents this year – and more than 2.5 million opting out of using the voluntary system, Wilson said stronger data security technologies are necessary. “Cybercriminals are not looking at just one individual; they’re looking at a wider collection of information to be able to attack them later and abuse their identity,” Wilson said. A recent Office of the Australian Information Commissioner (OAIC) report supported his claim, identifying that malicious and criminal attacks were the second largest source of data breaches from the health sector, at 46 per cent. It also found that cyber incidents were the most common type of attack, accounting for 44 per cent, while theft of paperwork or data storage device was the second most common type of attack (32 per cent). “A centralised health record system is a fantastic idea. However, we need to be able to secure this data and be able to share this information securely on a global stage to ensure that individuals receive the correct medical treatment that they’re entitled to,” he said. [Read more: Connected care: protecting patient privacy and security | Industry calls for more caution over MHR system] Wilson also said Australia is not where it needs to be from a global healthcare security perspective. “Australia is falling with regards to cyber and the securing of information,” he said. “The best way of doing this is reviewing the way that we do security today and bringing the control back to the user. That gives the user the control to be able to share their information with third parties should they wish to do so. This ensures that information is not flowing out to multiple parties outside of the system.” In addition, Wilson addressed the need for more security around external mobile devices, especially with more BYOD (bring-your-own-devices) and Internet of Things devices getting integrated into the healthcare system. “This goes back to what I mentioned around security by design and having security built into every part of the healthcare IT management process,” he added. Wilson will further discuss how the new cryptographic platform of Cryptoloc reinvents data security at the upcoming 2019 HIMSS Health 2.0 eHealth Summit in Singapore.

New BYOD features include push notifications, messaging, easy interface to request call from care provider, full access to health content resource library, virtual visits and trending data.