By Chris McDaniels, Mosaic451
Cybersecurity risk in healthcare has grown sharply. Close to 90 percent of healthcare organizations have been breached at least once, and healthcare now accounts for more than 25 percent of all data breaches.
There are a few basic reasons for this:
Because of these realities, more and more U.S. healthcare organizations follow HIPAA and HITECH requirements, the NIST Cybersecurity Framework, and the Health Information Trust Alliance (HITRUST) CSF. Many also adopt sound security practices: training employees in information-security basics, patching IT systems and connected medical devices regularly, undergoing continuous audits, engaging a cybersecurity firm, and so on. That is necessary, but it is not enough.
Here are four tips to help you better protect your healthcare organization’s cybersecurity.
1. No Amount Of Technology Or Compliance Will Save You From A Cyber Attack
It can be tempting simply to audit your organization's HIPAA compliance, buy a few security products, and call it a day. But a compliance framework defines a minimum baseline, not a defense, and no product will sufficiently protect your business without human analysis behind it. A trained analyst is still needed to correlate an alert with other sources (endpoint telemetry, network logs, threat intelligence) and decide whether it is a false positive or the first sign of an intrusion.
2. Develop Better Tools To Protect And Monitor Card-Based Transactions
First, you can use tokenization to protect patient payment-card data. Tokenization replaces a sensitive value, such as a card's primary account number, with a surrogate token that has no exploitable value on its own; the only mapping from token back to card number lives in a separately secured token vault, so systems that store only tokens hold nothing an attacker can monetize. Payment processors have used this for years, and it would better protect patients paying for services online or by card.
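To make the mechanism concrete, here is an added example (not from the article or any vendor) of a minimal tokenization vault. It shows why a stored token is worth less to a thief than the card number it replaces: the token is random, not derived from the card number, and only an allow-listed caller can resolve it. The names (TokenVault, tokenize, detokenize, ALLOWED_DETOKENIZERS) are illustrative, and the card numbers are industry test numbers, not real accounts.

```python
"""Added example, not from the article or any vendor: a minimal
tokenization vault. Names (TokenVault, tokenize, detokenize,
ALLOWED_DETOKENIZERS) are illustrative; the card numbers are industry
test numbers, not real accounts."""
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: used to reject malformed input before it is tokenized,
    and to make sure a generated token does NOT pass as a card number."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Constructed allow-list for the demo: only the charging component may resolve tokens.
ALLOWED_DETOKENIZERS = frozenset({"payment-gateway"})


class TokenVault:
    """In-memory stand-in for the isolated token vault. In production the
    mapping lives in a separately hardened, separately audited system and
    application databases store only tokens."""

    def __init__(self):
        self._pan_by_token = {}   # token -> PAN (the only way back)
        self._token_by_pan = {}   # PAN -> token, so a repeat card reuses its token

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a well-formed card number")
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        while True:
            # Random digits, not a cipher: nothing in the token is derived
            # from the PAN, so there is no key to steal and no math to undo.
            # Length and last four digits are kept for receipts and support.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Avoid collisions, and avoid tokens that Luhn-validate so a
            # leaked token is never mistaken for (or usable as) a real PAN.
            if token not in self._pan_by_token and not luhn_valid(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        """Only the component that actually submits the charge may resolve a
        token; billing portals, reporting and support tooling never can."""
        if caller not in ALLOWED_DETOKENIZERS:
            raise PermissionError(f"{caller!r} may not detokenize")
        return self._pan_by_token[token]


def demo():
    """Walk a test card through the vault; returns what a caller would see."""
    vault = TokenVault()
    token = vault.tokenize("4111111111111111")   # standard Visa test number
    return {
        "token": token,
        "same_token_on_reuse": vault.tokenize("4111111111111111") == token,
        "gateway_can_resolve": vault.detokenize(token, "payment-gateway"),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the contrast with encryption: an encrypted card number can be recovered by anyone who obtains the key, whereas a random token can only be recovered by querying the vault, which is why the vault's access control, not the token format, is what auditors should scrutinize.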
Deloitte recommends stronger pre- and post-payment monitoring to surface theft patterns. A pre-payment control, for example, would track existing prescription inventory and block new shipments while current stock is adequate. A post-payment control would flag prescribers who issue an unusually large share of partial-fill prescriptions compared with their peers.
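As an added example of the post-payment check (not from the article or from Deloitte), the following flags prescribers whose share of partial-fill claims sits far above their peers. The claim records, prescriber IDs, minimum-volume cutoff and threshold are all constructed for illustration; a real implementation would read from the claims system instead.

```python
"""Added example, not from the article or Deloitte: a post-payment check
that flags prescribers with an unusually high share of partial-fill claims.
Claim records, prescriber IDs, the min_claims cutoff and the threshold k
are all constructed for illustration."""
from collections import defaultdict
from statistics import median


def _claims_for(prescriber, partial, total):
    """Build `total` constructed claim records, the first `partial` of them partial fills."""
    return [(prescriber, f"{prescriber}-{i:03d}", i < partial) for i in range(total)]


# Constructed sample: (prescriber_id, claim_id, is_partial_fill)
CLAIMS = (
    _claims_for("DR-100", 1, 10)
    + _claims_for("DR-101", 2, 10)
    + _claims_for("DR-102", 1, 10)
    + _claims_for("DR-103", 2, 10)
    + _claims_for("DR-104", 8, 10)   # the outlier
    + _claims_for("DR-105", 0, 10)
    + _claims_for("DR-106", 2, 2)    # too few claims to judge; excluded below
)


def partial_fill_rates(claims, min_claims=5):
    """Per-prescriber share of partial-fill claims, ignoring low-volume
    prescribers whose rate would be dominated by one or two claims."""
    counts = defaultdict(lambda: [0, 0])          # prescriber -> [partial, total]
    for prescriber, _claim_id, is_partial in claims:
        counts[prescriber][1] += 1
        if is_partial:
            counts[prescriber][0] += 1
    return {p: part / total for p, (part, total) in counts.items() if total >= min_claims}


def flag_outliers(rates, k=3.0, min_margin=0.10):
    """One-sided robust z-score: (rate - median) / (1.4826 * MAD).
    Median and MAD are used instead of mean and standard deviation because one
    or two extreme prescribers would otherwise inflate the spread and hide
    themselves. If MAD is zero (most peers have identical rates) fall back to
    an absolute margin above the median. Returns {prescriber: score}."""
    if len(rates) < 3:
        return {}
    values = list(rates.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    flagged = {}
    for prescriber, rate in rates.items():
        if mad > 0:
            score = (rate - med) / (1.4826 * mad)
            if score > k:
                flagged[prescriber] = round(score, 2)
        elif rate - med > min_margin:
            flagged[prescriber] = round(rate - med, 2)
    return flagged


if __name__ == "__main__":
    rates = partial_fill_rates(CLAIMS)
    for p, r in sorted(rates.items()):
        print(f"{p}: {r:.0%} partial fills")
    print("review queue:", flag_outliers(rates))
```

Two caveats a practitioner should keep in mind: an outlier is a lead for review, not proof of fraud (a pain clinic or hospice may legitimately partial-fill more than a family practice), so compare within a specialty peer group where possible; and the low-volume cutoff exists because a prescriber with two claims and one partial fill is statistically meaningless, not because small prescribers cannot be abused.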
3. Don’t Forget About DDoS Attacks
Distributed denial-of-service (DDoS) attacks remain among information security professionals’ top concerns for the healthcare sector for a simple reason: they are cheap to launch against any business connected to the internet. Add the poorly secured IoT and connected medical devices common in clinical settings, which can serve both as targets and as recruits for the botnets that generate the traffic, and it is no wonder DDoS attacks continue to cripple healthcare organizations. Mitigation has to be arranged before an attack, not during one: upstream scrubbing through your ISP or a DDoS-protection provider, rate limiting at the network edge, and a tested plan for keeping clinical systems reachable while patient-facing services are under load.
4. Share More Information About Cyber Vulnerabilities With Other Healthcare Companies
Harvard Business Review notes that the NH-ISAC (the National Health Information Sharing and Analysis Center, renamed Health-ISAC in 2019) helps peer healthcare organizations exchange cybersecurity information directly and quickly. Modeled after FS-ISAC, the equivalent body for the financial sector, NH-ISAC aims to build a trusted community in which healthcare professionals share physical and cyber threat intelligence and best practices with each other, particularly regarding vulnerabilities and active attacks. This matters because an attack technique seen at one hospital is usually tried at others within days, so every healthcare organization benefits from learning about emerging risks as quickly as possible.
About The Author
Chris McDaniels is Chief Information Security Officer of Mosaic451 (www.mosaic451.com), a cybersecurity service provider and consultancy with expertise in building, operating and defending some of the most highly secure networks in North America. McDaniels is a US Air Force veteran with over 14 years of cyber operations experience.