With security an increasing focus in the healthcare space, CIOs and CTOs spend significant time ensuring the safety and privacy of patient information. However, the varying degrees of security attacks and privacy concerns leave IT specialists and stakeholders with a never-ending list
Types of security attacks (although not an all-inclusive list):
ADVANCED PERSISTENT THREATS (APT) – a security threat that remains undetected on the network for an extended period of time, most common when the data is of high value.
AI ATTACKS – an attack that can automate identity, password-cracking and denial-of-service (DoS) attacks, making them much more formidable.
DISTRIBUTED DENIAL OF SERVICE (DDoS) – the goal is to deny access to the server by overwhelming the target system with a flood of network traffic.
MALWARE – a stealthy approach to putting code on a device without the end user's knowledge (e.g., a Trojan horse).
PASSWORD ATTACK – an attempt by an unsecured source to break in or obtain a user’s password.
PHISHING – social engineering to obtain information or approval to run code on a device. C-suite, you’re a favorite target for an attack like this.
PHYSICAL SECURITY & DRIVE-BY ATTACK – an unsecured wireless environment that allows threats to easily attack the system.
RANSOMWARE – blocks access to data, with the threat to permanently compromise the data unless a ransom is paid.
Social engineering is the foundation of several attacks. These attacks occur when a source acts as a trusted advisor, gaining access to codes and passwords for various devices. These attacks provide the source with the ability to obtain damaging information and/or create a foothold in the network to further exploit security
IT and cyber-attacks in the healthcare industry rate among the most damaging and costly occurrences compared to other industries. As a whole, the healthcare industry spends an estimated $6 billion a year dealing with security attacks and breaches.
According to one of the latest Becker’s reports, the records of more than 5 million US patients can be accessed online with just a basic web browser. The diagram below, published by the HIPAA Journal, shows the rise in the number of reported data breaches.
The cost of the steps that prevent a security breach and keep information private and safe is a fraction of what an organization could lose in a cyberattack. Addressing these five items can help to eliminate the possibility of future threats and attacks.
NETWORK ACCESS: Access to the network can be as easy as identifying the SSID (Service Set Identifier) and using a password breaker available on the internet for free. Make sure the wireless connection doesn’t advertise the SSID and that communications are encrypted. Using the most advanced authentication protocol the environment can handle, such as Kerberos, and network encryption protocols like IPsec will help safeguard the network.
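One way to check the two wireless settings above on an access point, as an added example that is not from the original article. It assumes the access point is configured with a hostapd-style `key=value` file; the sample configs and the `parse_conf` and `audit` helpers are constructed for illustration.

```python
WEAK_CONF = """\
# constructed sample: open network that advertises its name
ssid=clinic-wifi
ignore_broadcast_ssid=0
wpa=0
"""

HARDENED_CONF = """\
# constructed sample: hidden SSID, WPA2 only, AES-CCMP
ssid=clinic-wifi
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    # hostapd's default (0) sends the SSID in beacon frames
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is advertised in beacons")
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        findings.append("no WPA/WPA2 encryption configured")
        return findings
    if wpa & 1:
        findings.append("legacy WPA is enabled; allow WPA2 only")
    # rsn_pairwise falls back to wpa_pairwise, whose default is TKIP
    ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed; restrict to CCMP")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "ok")
```

A hidden SSID still appears in client probe and association frames, so the encryption findings carry more weight than the broadcast finding.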
PROFESSIONAL INSTALLATION: Hire highly qualified staff to administer the network and DMZ (the entryway into your network from public networks). This will ensure firewalls and protocol and port analyzers are proactively looking for breaches. Having a 3rd party conduct a penetration test will also confirm safety measures are correctly in place.
SECURE DEVICES: Ensure the network and PC devices are locked down. Leveraging biometric identification technology or a 3rd party code generator for two-factor authentication will help improve overall security of the system. Utilizing three-factor authentication and additional security to access additional data or perform sensitive activities (e.g., ordering narcotics) is another way to safeguard high-value information. Lastly, having end-user security policies in place and enforced will also increase protection.
3rd PARTY ASSISTANCE: Use 3rd parties who specialize in healthcare security when necessary. It’s important to include security that covers the protection of medical devices and patient devices/wearables such as heart monitors.
At Excite Health Partners we use consultants and partners who specialize in Healthcare IT. We can perform assessments to ensure the environment and the patient’s data is well protected.