Increasing Healthcare Cybersecurity Risks

As healthcare professionals and the organisations they work in become more connected through the use of IoT devices and BYOD strategies, they must ensure that potential healthcare cybersecurity risks remain a top consideration.

Failing to account for one endpoint device or having one employee click on a phishing scam email could lead to a large-scale data breach that causes headaches for both providers and patients.

In terms of healthcare cyber-security measures, employee education and comprehensive data security plans are increasingly being touted as key approaches for organisations to take.

At a recent cyber-security forum, Boston Children’s Hospital Senior Vice President and CIO Daniel Nigrin, M.D. discussed the cyber-security attack that happened at the hospital in 2014.

In that incident, Anonymous hackers posted certain BCH external website details that were not extremely sensitive, such as its IP address and web server infrastructure information.

While the hospital’s patient data was never accessed, Boston Children’s had to shut down some of its Web pages and some patients and medical personnel were unable to access online accounts.

At the forum, Nigrin noted the importance of healthcare organisations implementing the necessary counter-measures, knowing which systems depend on internet access, and having contingency plans in place.

Furthermore, he said that entities must recognise how important email is to the organisation, and that alternate methods of communication should potentially be created.

Finally, security measures must be pushed through. There are no excuses, Nigrin stressed. For example, secure tele-conferences could be beneficial and organisations should make sure they know which threats are real.

Intermountain Healthcare CISO and Assistant Vice President of Information Systems Karl West also spoke at the forum, explaining that the demand for data access whenever and wherever has “increased productivity, but, at the same time, has elevated risk.”

Employees, contractors, and customers all pose the largest cybersecurity threat, he added, but education will be the best defense.

In a 2016 interview with HealthITSecurity.com, Robert Anderson, former executive assistant director of the FBI, also stressed the importance of employee education and proactive planning. Cyber-security measures must improve, he stated, especially when it comes to ransomware preparation.

Healthcare employees at all levels must be thoroughly educated on ransomware and how they need to react should an incident happen, Anderson explained. A proactive plan for what should happen after a ransomware attack must also be in place.

“The heads of the hospitals and the boards need to be educated on the different types of threats that face them in today’s IT and cyber environment,” Anderson stated.

“Most hospitals concentrate on being a hospital and taking care of people. But I think that in today’s world, if you’re running one of those institutions, you need to be very educated into exactly what the threats could be and have a proactive plan of what’s going to happen if you do get attacked.”

Insurance companies are also taking note of the increase in cyber-security risks across numerous industries.

Cyber-security is one of the top board-level priorities among insurers, according to a recent Moody's Investors Service report. Specifically, companies have greatly expanded their cyber-security governance, oversight, and investments. There is also more frequent and formalised cybersecurity reporting to executive management and their boards.

“Among survey respondents, essentially all maintain incident response plans for multiple cyber intrusion scenarios, and most insurers test their vulnerability to these annually,” Moody's Senior Vice President Alan Murray said in a statement.

“Cyber-attacks can have serious tangible consequences for insurers, exposing them to legal actions, regulatory scrutiny, fines and other expenses. In addition, an insurer's reputation is at stake.”

The survey also found that cyber-security employment has increased nearly 30 percent over the past three years. Insurers have also widely upped their use of out-sourcing for cost-effective, current tools and expertise in securing systems and data.

HealthITSecurity:
