Increasing Healthcare Cybersecurity Risks

As healthcare professionals and the organisations they work in become more connected through the use of IoT devices and BYOD strategies, then they must ensure that potential healthcare cybersecurity risks remain a top consideration.  

Failing to account for one endpoint device or having one employee click on a phishing scam email could lead to a large-scale data breach that causes headaches for both providers and patients.

In terms of healthcare cyber-security measures, employee education and comprehensive data security plans are increasingly being touted as key approaches for organisations to take.

At a recent cyber-security forum where Boston Children’s Hospital Senior Vice President and CIO Daniel Nigrin, M.D. discussed the cyber-security attack that happened at the hospital in 2014.

In that incident, Anonymous hackers posted certain BCH external website details that were not extremely sensitive, such as its IP address and web server infrastructure information.

While the hospital’s patient data was ever accessed, Boston Children’s had to shut down some of its Web pages and some patients and medical personnel were unable to access online accounts.

At the forum, Nigrin noted the importance of healthcare organisations implementing the necessary counter-measures, knowing which systems depend on internet access, and have contingency plans in place.

Furthermore, he said that entities must recognise how important email is to the organisation, and that alternate methods of communication should potentially be created.

Finally, security measures must be pushed through. There are no excuses, Nigrin stressed. For example, secure tele-conferences could be beneficial and organisations should make sure they know which threats are real.
Intermountain Healthcare CISO and Assistant Vice President of Information Systems Karl West also spoke at the forum, explaining that the demand for data access whenever and wherever has “increased productivity, but, at the same time, has elevated risk.”

Employees, contractors, and customers all pose the largest cybersecurity threat, he added, but education will be the best defense.

In a 2016 interview with HealthITSecurity.com, Robert Anderson, former executive assistant director of the FBI, also stressed the importance of employee education and proactive planning. Cyber-security measures must improve, he stated, especially when it comes to ransomware preparation.

Healthcare employees at all levels must be thoroughly educated on ransomware and how they need to react should an incident happen, Anderson explained. A proactive plan for what should happen after a ransomware attack must also be in place.

“The heads of the hospitals and the boards need to be educated on the different types of threats that face them in today’s IT and cyber environment,” Anderson stated.

“Most hospitals concentrate on being a hospital and taking care of people. But I think that in today’s world, if you’re running one of those institutions, you need to be very educated into exactly what the threats could be and have a proactive plan of what’s going to happen if you do get attacked.”

Insurance companies are also taking note of the increase in cyber-security risks across numerous industries.

Cyber-security is one of the top board level priorities among insurers, according to a recent Moody's Investors Service report. Specifically, companies have greatly expanded their cyber-security governance, oversight, and investments. There are also more frequent and formalised cybersecurity reporting to executive management and their boards.

“Among survey respondents, essentially all maintain incident response plans for multiple cyber intrusion scenarios, and most insurers test their vulnerability to these annually," Moody Senior Vice President Alan Murray said in a statement.

“Cyber-attacks can have serious tangible consequences for insurers, exposing them to legal actions, regulatory scrutiny, fines and other expenses. In addition, an insurer's reputation is at stake."
The survey also found that cyber-security employment has increased nearly 30 percent over the past three years. Insurers have also widely upped their use of out-sourcing for cost-effective, current tools and expertise in securing systems and data.

HealthITSecurity:

Healthcare Starts Spending Big On Cybersecurity:

Stolen Health Records Flooding Dark Web Markets:

British NHS Hospital Trust Under Cyber Attack:

 

« US Has A Secret Cyberwar Going Against North Korea
CIA Silent About Wikileaks Agency Files »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Bsquare

Bsquare

Bsquare DataV software and engineering services help enterprises implement business-focused Internet of Things systems.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Energia Ventures

Energia Ventures

Energia Ventures is a three-month intensive accelerator for entrepreneurs with an innovative business in the energy, smart grid, cleantech, and cybersecurity sectors.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Portshift

Portshift

Portshift leverages the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications security.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

Orbus Software

Orbus Software

Orbus develops, markets and sells enterprise software which helps large, blue chip and government organisations across the globe to achieve digital transformation outcomes.

Inspectiv

Inspectiv

Inspectiv offers a turn-key solution to continuously identify security vulnerabilities and provide security assurance.

Edge Security

Edge Security

Edge Security is an information security research and consulting firm of expert hackers.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.