Remote Locations Put Health Information At Risk — 4 Ways To Improve Security

By Karin Ratchinsky, director of healthcare vertical strategy, Level 3 Communications

One-third of Americans fell victim to healthcare data breaches in 2015, and 98 percent of those leaks resulted from large-scale attacks directly targeting the healthcare industry. Healthcare providers must step up their security measures, especially now that care is increasingly provided beyond the walls of a hospital.

Security is already impacting decision-making. With almost 100 percent of leaders in healthcare IT feeling vulnerable to data breaches, it’s no wonder 60 percent of them are already spending more for better data protection. Sixty-three percent have actually experienced a breach, and nearly half plan to invest in new security tools to stay abreast of industry best practices.

Data breaches not only compromise the confidentiality of protected health information, they can also adversely affect the continuity of care, impacting patients’ lives. And as healthcare organizations incorporate more virtual care tools that rely on network infrastructure and remote access to communication vehicles, they must adopt corporate standards that support a holistic ecosystem and ensure the safety of health information and continuity of care.

How Remote Locations Can Jeopardize Healthcare

A report found most healthcare organizations are at risk for medical device hijacking. Also referred to as “medjacking,” this is when malware is used to swipe passwords or sensitive, private data.

If a remote location connects an internal device directly to the public internet, it could open up a node for cybercriminals to leverage in order to infiltrate the greater organization. Nearly five billion connected smart devices are already in use, and that number is expected to grow to 25 billion by 2020. As they become more connected and smarter, the risk for exposure amplifies.

For example, a remote site might connect a dialysis machine directly online to streamline communications and improve performance. But hackers are constantly scanning systems looking for abnormalities and open ports where they can gain access and capitalize on opportunities to hold organizations ransom by threatening to affect care.

Guest Wi-Fi also presents a potential point of entry for hackers seeking to glean private data and actionable intelligence about the care being received. Any device connected to guest Wi-Fi within a healthcare organization is a security risk, leaving clinicians and patients who use it exposed and providing cybercriminals the opportunity to infiltrate data systems.

What Hackers Seek — And How To Thwart Them

Hackers constantly scan networks for abnormalities or open ports to gain access and break into smart devices, unlock medical systems, and steal protected health information. Their goal is to find passwords and any other intelligence they can use for phishing scams.

So how can healthcare organizations protect their sensitive data? When remote locations are involved, these four steps will help improve network security:

1. Modernize infrastructure. Managing security systems from a central location and tracking the performance and access of all remote locations and employees requires a consistent and modern infrastructure. To protect patient data and ensure continuity of care, audits should be performed and programs prioritized based on level of exposure.

   This is best accomplished by working with providers that can offer comprehensive, vendor-agnostic solutions to fortify the security of corporate data centers, remote clinics, and telehealth workers. Leaders must be sure to thoroughly vet providers, as 73 percent of healthcare organizations in the U.S. have suffered breaches related to third-party vendors.

2. Increase data management capabilities. Healthcare organizations must use new information paradigms, think like businesses, and advance their data management capabilities. Because this is a major expense, many organizations often choose to roll out solutions in stages or at select key locations and data centers. Nonetheless, security risks exist throughout an organization — including around the edges of a network and at smaller locations.

   When it comes to protecting health information, many organizations are more trusting of the cloud and are moving operations to it. Cloud-based security solutions allow centralized data management while decentralizing scrubbing centers, making costs more manageable and reducing performance issues. What emerges is a tool that helps organizations extract intelligence and scale innovative resources to the patient.

3. Make it a team effort. Developing close relationships with different departments within an organization is key to proactively identify and address risks across the ecosystem. This helps manage threats and ensures that employees, clinicians, and contract workers understand the critical mission of protecting data and ensuring the continuity of care.

4. Create rules. Healthcare organizations should also invest in rules-based strategies. If there’s no business need or reason to communicate with organizations or persons in China, a rule set could be created to ban incoming or outgoing traffic to that country. Such rules can be created for countries, regions, specific addresses, or organizations.

To illustrate the importance of involving all stakeholders, 1,500 health organization employees were selected to receive phishing emails in a recent study by the Atlantic Health System. Of those, 220 clicked on the link in the message and 113 actually gave up their credentials.

The healthcare industry is in a perpetual state of evolution, and organizations must adapt by constantly monitoring access requests based on authentication and privileges. To mitigate the risk of an inadvertent breach originating from within the organization, administrators should educate staff on proper security protocol and scams facing the industry, conduct routine phishing tests, and track progress.

However, don’t discount a clinician’s daily work when developing his or her role in security. Policies and safeguards are needed to protect the organization, but they should never hinder employees’ ability to do their jobs.

The risks organizations face today will differ from those of tomorrow. To survive among the fittest in this new paradigm, healthcare organizations must adopt comprehensive security strategies across the organization.

As more healthcare information migrates to remote locations, those players with modern infrastructures who are capable of employing advanced security will emerge ready to manage their sensitive data and connected health devices and mitigate the risks of being breached.

About The Author
Karin Ratchinsky, the director of healthcare vertical strategy at Level 3 Communications, is highly motivated, competitive, and collaborative. At Level 3 Communications, Karin has been instrumental in accelerating sales, generating and deploying effective market strategies, and growing brand equity within the company’s healthcare vertical ecosystem.