Cybersecurity threats pose a great risk to industries. Of late, there has been an increase in cyberattacks, with healthcare organisations being the major target. It seems that healthcare has become the new treasure for hackers, as it holds a plethora of patient data. Though hackers are unwavering in their efforts to steal electronic health records (EHR), several risk mitigation trends are emerging that can effectively deal with these threats. Below is an insight into the top five emerging security trends of 2018 for the healthcare sector.
The prominence of Ransomware in Connected Medical Devices
The advent of connected medical devices and the adoption of the internet of things in healthcare have improved service levels and made it possible to store data electronically. However, these innovations have also attracted cyber threats that compromise data security. Ransomware, the leading threat to healthcare, invades medical devices. SamSam is one such recent ransomware attack; it affected two hospitals in New Mexico and targeted Allscripts, the biggest EHR vendor. Similarly, IoT medical devices are vulnerable to such attacks, mainly because of the usage practices of their users. These devices have endpoints such as embedded browsers on medical workstations, wireless connectivity and chat applications that are potential openings for hackers. Devices that are attacked include imaging systems, cardiac monitors, patient monitors and glucometers, among others. Though manufacturers need to ensure that the devices are secured with inbuilt encryption, a greater responsibility also lies with hospitals and clinics in terms of how the devices are used. For instance, managing devices, completing compliance requirements and monitoring threats are the key steps that can be followed to eliminate risk, if any.
Awareness and Training about Cyber Threats Mitigate Risk
The endpoints for cyber attacks can be internal as well as external. Many of the attacks that have happened in the past were due mainly to internal security loopholes rather than to external sources such as third-party vendors. Internal sources are basically staff and hospital employees who handle accounts and digital profiles. Due to a lack of proper training, employees are generally unaware of potential cybersecurity threats. Hackers try to steal data through phishing emails and corrupted files. Phishing attacks via email are the most common threat that staff and employees fall prey to. These emails can be identified through special characters, wrong spellings and other distinctive traits that are easy to catch. But employees lack this understanding of how to identify likely threats, and they download files that are potential threats, thus compromising confidential data.
Pump Investment in Healthcare Security
With unceasing attacks on healthcare data, healthcare providers are shelling out money to create a strong security ecosystem. Several security companies boast of products and software that claim 100 per cent protection, but to put things in perspective, there is no one sure-shot way to eliminate risk. Instead, the shared efforts of the organisation, staff, security personnel and software will provide the required protection. Therefore, investment in hiring the right security personnel and buying the right software, such as access management and compliance management systems, will guarantee a positive return on investment. With increasing cyber attacks, there has been a rising uptake of security software by healthcare providers. According to industry reports, the healthcare security market is expected to be worth $170 billion by 2022. This shows that the industry is moving towards ensuring utmost security.
Integrate Artificial Intelligence and Healthcare
Technology disruptions have improved service levels and treatment delivery at hospitals. The uptake of artificial intelligence tools is another boon for the industry. These tools use algorithms to monitor for potential cyber attacks and report them in a timely fashion. Healthcare providers can install such tools in their information technology systems to raise alerts about bugs. For instance, Darktrace is one such AI-powered tool that claims to identify and respond to cybersecurity threats. However, this does not mean that AI tools alone will protect the complex IT systems of these organisations. AI tools need to be used in tandem with a security team that can watch for threats and monitor the system.
Holistic Security Risk Analysis
With increasing instances of attacks on hospitals, authorities such as the Office for Civil Rights are cracking down on healthcare providers to analyse what security standards are being followed. Some providers conduct only a network risk assessment or a partial risk assessment, hoping that this will fulfil the requirements of the Health Insurance Portability and Accountability Act, 1996. However, these measures provide only partial protection and will fail to secure critical data. As a result, in 2018 there is a renewed focus on holistic security risk analysis, which includes auditing systems and using encryption and security software, to avoid paying huge penalties and incurring financial losses.
Employee email accounts are the vulnerable endpoints that result in ransomware attacks. Through these email accounts, a large repository of information is targeted. Confidential information sent through email accounts remains in the sent folder, where it is kept in an unencrypted fashion. It therefore becomes relatively easy for phishing emails to target this data, and emails that contain patient information must be protected by multi-factor authentication. Of late, though, this has lost its importance as users tend to skip the process. In 2018, authentication using difficult-to-guess passwords that combine words and special characters will again be followed.
The Way Forward
The evolving and expanding cybersecurity threats require progressive steps to protect data. Advancements in technology and regulations are also forthcoming that will make it harder for hackers to invade personal data. But it does not stop here: patients too can contribute to ensuring that their data is protected by changing the way they use the internet, making sure that secure connections are used rather than opening websites on mobile phones and other connections that are publicly available.