Cybersecurity: Is Your Hospital At Risk?

Wednesday, October 26, 2016

Cybersecurity is a preventive process that hospitals should take more seriously as they evolve with the use of technology. There are four main access points that hospitals and organizations should be aware of in the event that a cyber attacker tries to breach databases and systems. This article identifies these problems and will present the top five priorities that can help stop 85% of all hacks.

Healthcare data is uniquely vulnerable to privacy breaches. Government regulations forced healthcare operations to adopt electronic health records and other advances under the Patient Protection and Affordable Care Act even if they weren’t ready to adequately invest in security.

How prepared are you to respond to these cyber-attacks?
A survey conducted by the American Hospital Association showed that 75% aren’t prepared, yet 91% said being prepared for an attack is essential to protecting the organization.

Let’s think about security screening at the airport and all the checkpoints you go through before sitting on the plane for departure. TSA has evolved from a one-size-fits-all security screening approach to a risk-based, intelligence-driven strategy designed to improve both security and the passenger experience. People want to feel safe at the airport just like people want to feel safe and germ-free at hospitals.

How are the hackers getting through?
There are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, internet-enabled medical devices, and electronic databases for clinical, financial and administrative operations; however, these advances have also increased exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks. Nearly 1 million new malware threats are released every day. In one case reported earlier this month, hackers are targeting insulin pumps.

How do you manage these unforeseen risks?
The Senior Director of the Center for Internet Security defined the Cybersecurity trend as an equation.

Can you afford to have your hospital shut down and patients’ data held for ransom? Before it’s too late to be sorry, consider the choices you can make within your IT infrastructure to secure yourself against unwanted threats.

What are the event types for hospitals?

  •  Phishing – the activity of defrauding an online account holder of personal information by posing as a legitimate company.

          o Common in the form of an email.

          o Hackers unleash data in an unsecured environment.

          o CEOs are targeted for a wire transfer or requested bill to pay.

          o Ex: Wyoming hospital hit by phishing attack.

  •  Ransomware – a type of malicious software designed to block access to a computer system until a sum of money is paid.

          o Can be avoided by encrypting data.

          o Once hackers are in, the only options are to pay money or restore from backups.

          o Good IT training is key!

          o Ex: Hollywood hospital held to ransom by hackers.

  •  Lost Devices – over 10,000 devices are lost at the airport a year.

          o The airport donates lost devices without ever clearing them or checking whether they have sensitive information on them.

          o Ex: NYC Health Center notified 1,500 patients of a PHI data breach.

  •  Server Compromise – there are many types of servers in the IT world, but they all share the general purpose of connecting information and storing it in a centralized location.

          o SQL Injection – an injection attack in which SQL statements are used to control a web application’s database server. This vulnerability is one of the oldest, most prevalent and most dangerous.

          o Ex: Saint Francis Health System server hacked and patient info was extracted.

These issues should be made part of the hospital’s existing governance, risk management and business continuity framework. Proper training for IT employees eliminates human error and can reduce the threat of receiving and opening malware in compromised emails. Assess the security of your physical assets and infrastructure in terms of where your data sits, both alongside other networks and online. Hospitals should take steps to ensure that the cybersecurity approach they adopt remains flexible and resilient enough to address threats that are likely to be constantly evolving.

To understand more about how to deal with these problems, special compliance costs, and the top five priorities of Cyber Hygiene, please follow us on our Social Media accounts for alerts on our next blog article!

We can help you start today with an assessment of your security environment at your facility. Give our experts a call and we can provide a road map for how you can make smart investments to make your organization more secure while allowing you to focus on serving your patients.



Leanne Leuterio
