Despite increased industry efforts, healthcare is experiencing cyberattacks at an increasing rate. So what does the industry need to do to salvage the situation?
According to Forcepoint Information Security Senior Director Alvin Rodrigues, the industry needs to embrace new ways of protecting data.
At the recent Australian Healthcare Week conference, he mentioned that a behaviour-centric, analytics-driven approach to cybersecurity is necessary.
“Having just a reactive mindset to cyber threats doesn’t work anymore. Cyber attackers have expanded the boundaries of attacks beyond the horizon of just the healthcare organisation to reach other players or partners of these organisations,” he said.
“Therefore, you need to consider how you get visibility of the landscape and as a result of that, how you control and manage access from a collaborative standpoint with compliance in mind. A risk-based approach ensures that cybersecurity is aligned to the way that the organisation is run.”
According to Rodrigues, healthcare has been the main target of hackers who are after patient information and credentials. Hacking and malware are the first points used to get this information, and ransomware is on the rise, he said.
“Health information is more valuable than financial information because the shelf life of healthcare information is longer than financial information,” he said.
“If someone gets a hold of your credit card information, all you need to do is call your bank and deactivate it. But if that someone gets a hold of your health records, the person can take advantage of that in multiple ways.
“The lack of encryption and insider threats are also concerning. These are due to the way that hospitals are run. Many hospitals are still using outdated technology, resulting in these issues. In addition, doctors aren’t aware of cybersecurity – it’s still predominantly an IT department issue.”
In addition, with healthcare becoming increasingly connected, Rodrigues said hackers are more likely to target organisations because all data sits in one pocket.
As such, he said having risk adaptive protection is necessary and that it delivers:
Dynamically, adaptively and automatically protects data and minimises data exfiltration
Identifies intentions through alerts of anything out of the ordinary
Provides evidence for litigation
Minimises friction between security and other departments
Home-required cybersecurity training and education
A corporate aware security culture.
“We need to beef up our cybersecurity posture so that we can minimise the unknown threats that enter our organisations,” he added.
“Data scientists, through the use of AI and machine learning, will be able to understand human behaviour better when it comes to cyber attacks. Organisations that embark on this human-centric cybersecurity strategy move processes away from one that is threat based to one that is risk and analysis based.”
