The unhealthy state of healthcare
The healthcare industry, arguably one of the most technologically advanced considering the gadgets and devices now used to monitor health statistics and perform medical procedures, is ironically among the most ‘unhealthy’ when it comes to network security.
Delegates attending the recent Healthcare Innovation Summit were told that medical records are being increasingly targeted by cybercriminals – data from the US showed that 89% of healthcare institutions suffered a security breach and were twice as likely to be targeted as other organisations.
Healthcare record theft increased a shocking 1100% this year, with more than 100 million records compromised worldwide. The biggest threat, says KPMG, comes from external attackers – at 65% – while malware tops the list of information security concerns.
But why is an industry with the technological ability to perform surgery on patients in other countries so sick when it comes to protecting information?
The answer is multi-faceted:
It sounds clichéd but, when it comes to security in any sector, prevention certainly is better than cure.
In order to gain a holistic overview of the network, technology managers need to design the infrastructure from the bottom up, starting with the physical layer, comprising devices and other hardware, and working up to the application layer.
This multi-layered approach to security gives IT managers more visibility into the network so that they can see what data is coming into and leaving the network and can implement controls as required. For example, sensitive patient information can be encrypted as it traverses the network between devices, while less sensitive information, such as that collected by fitness devices, can be subject to less stringent protection measures.
Education of staff members is also critical. They need to be able to recognise attacks such as spear phishing and ransomware attempts so that they know not to click on malicious links and to alert the IT department to such attempts.
There also needs to be a general increase in awareness within the healthcare sector of the various methods used by cybercriminals to gain access to medical data. In many cases, medical institutions do not even know that they’ve been infiltrated purely because they don’t know the warning signs. They need to take a more proactive approach to network security and understand how to prevent certain attacks.
Security should not be reactive and should not be done just because organisations want to comply with legislation such as the Protection of Personal Information (POPI) Act. Unfortunately, this is the case in the healthcare industry, and it is the reason why the industry is always one step behind the attackers. Rather, security should be about prevention and the desire to ensure the integrity of sensitive information.