Taking Healthcare Cybersecurity Beyond Basic Compliance

Enterprise Security Magazine | Tuesday, August 06, 2019

It is imperative for healthcare organizations to move beyond basic security compliance toward securing crucial data and vulnerable systems.

FREMONT, CA: Compliance is a leading concern in the healthcare landscape. Data breach incidents reveal that even organizations implementing basic security compliance are not beyond the reach of cybercriminals. Healthcare facilities serve as crucial data hotspots for hackers on account of their vast troves of sensitive patient information.

In their rush to avoid penalties, healthcare organizations often forget the true purpose of security compliance. The international and national standards of compliance serve as the most basic walls against cybercriminals. However, adhering to the basic security standards alone cannot help organizations thwart sophisticated cyberattacks bolstered by emerging technology.

As the incorporation of the internet of things (IoT) increases, so does the scope for cyberattackers. The rising incidents of data breaches are awakening healthcare organizations to the adversity of cyberattacks. However, moving from awareness toward the implementation of robust cybersecurity measures goes a long way in thwarting data breaches.

Healthcare organizations across the world are adopting electronic health records (EHRs) and BYOD programs to streamline their operations. However, most of them fail to consider the vulnerability of their endpoints. According to a report by Carbon Black, its healthcare clients witnessed an average of 8.2 attempted cyberattacks per endpoint each month in 2018.

Endpoint vulnerability is being exploited by cybercriminals to shut down or compromise the crucial operations of a healthcare organization, including patient records and other critical systems. Hence, it is imperative for healthcare organizations to consider their connected assets, including electronic health record systems, medical devices, and payment processing systems, as potential targets for cybercriminals to launch their attacks. By implementing adequate visibility into the endpoints, organizations can form effective strategies and counter possible threats.

Performing regular system audits and vulnerability assessments will enable healthcare organizations to stay ahead of potential hackers. Cyberattackers are evolving with technology, employing artificial intelligence (AI) and machine learning (ML) algorithms to bolster their attack vectors. Sophisticated intrusions, ranging from destructive attacks to island hopping, allow cybercriminals to set up command posts and take over the network.

The Carbon Black report reveals that 33 percent of the surveyed healthcare organizations encountered island hopping on their networks. Threat hunting is one of the more efficient approaches for organizations to predict and counter these attacks. Also, regular auditing and remediation can help in bolstering the security infrastructure.

Above all else, securing patient data is vital for healthcare organizations to maintain customer trust and loyalty. Hence, it is advisable to back up and protect critical data. However, going beyond compliance cannot guarantee immunity from cyberattacks. Over 83 percent of the healthcare organizations claimed an increase in cyberattacks in the past year, whereas 66 percent revealed being targeted by ransomware attacks motivated by the destruction of crucial healthcare data.

Hence, healthcare organizations need to implement precautionary measures and prepare for the worst. It will not only enable them to form effective strategies but also recover with minimum damage. Along with the establishment of a robust compliance management program, organizations should also take additional cybersecurity measures to secure their data.
