Healthcare rose to the top of the list of cyber threat targets in 2015; and is expected to stay there in 2016, as emerging technology trends expose networks and data to new areas of vulnerability. Electronic health records, the exploding use of “headless” medical devices, and clinicians’ growing reliance on smartphones and tablets to do more in less time are just some of the technology trends that have made information security a prime concern as the New Year progresses.
With more than 90% of healthcare organizations report having experienced a data breach within last five years, it’s worth taking a closer look at the technology factors that have the biggest impact on cybersecurity.
- Expanding attack surfaces. The rising use of hand-held medical devices by patients to cut costs, improve access and enable “anytime, anywhere” treatment, diagnosis and monitoring is expanding network attack surfaces for many healthcare providers. The misuse or misplacement of these devices—both intentional and in error—make healthcare networks more vulnerable to intrusion.
- Mobile devices. Clinicians are under constant pressure to deliver more care to more patients in less time—all while meeting increasingly rigorous medical reporting requirements. In response, many are turning to smartphones, tablets and other mobile technologies to help them address these pressures and improve the quality of care with more accurate and timely medical records. Nevertheless, the benefits come with risks stemming from the increase in network access points opened by mobile devices.
- Electronic health records. Widely accessible online, electronic health records (EHRs) are packed with highly valuable, personally identifiable patient data—making them a prime target for cyber attack. The known vulnerabilities of healthcare networks only add to their appeal.
How Can Healthcare Companies Protect Themselves?
While technology has enabled healthcare organizations to make significant strides in streamlining performance, compliance and the delivery and quality of care, cybersecurity efforts have not kept pace. But since healthcare rose to the top of the list of attack targets, cybersecurity pros have woken up to the problem and recognize the need to make the protection of patient data, medical devices and networks a priority. Major areas of focus include:
- Patient education. Patients need to be aware of existing and potential cybersecurity threats and provided with guidelines on securing mobile devices and health records. Proper password hygiene and adherence to basic user security protocols is key. So is knowing how to avoid and report phishing and social engineering attempts.
- Threat assessments. Regular threat assessments are effective in identifying known and possible vulnerabilities in healthcare networks and security systems—taking into account new and emerging threats, and empowering organizations to respond preemptively and successfully to these threats.
- Awareness. Cybersecurity teams need to keep up with changes in dynamic threat environments, anticipating what’s ahead and implementing layered strategies that can address threats that have the stealth and persistence to slip past first lines of defense.
- Responsiveness. All modern organizations need to have an emergency preparedness plan in place to mitigate harm in the event of a data breach.
In the face of rising cyber threats, the steps provided here can go a long way to reduce risk in healthcare environments. Learn more about the cybersecurity strategies and solutions Citon offers.