National Health IT Week, Don’t Forget to Focus on Cyber Security
By: Carolyn Crandall, CMO
While nearly every industry has experienced an increase in data breaches, the medical/health sector is being hit the hardest. According to Identity Theft Resource Center (ITRC), the medical/health care sector leads all others so far this year, posting a whopping 36.1% of all data breaches. National Health IT Week, September 26-30th, is a great opportunity for the industry to remember to share the importance of cybersecurity: both technology that can be used to combat attackers and recommendations on how individuals can help keep their individual and organizational information safe (attacker that have tricked you are using “social engineering” techniques you should be aware of and avoid).
Started nine years ago by the Healthcare Information and Management Systems Society (HIMSS), NHIT Week was designed as a collaborative forum and virtual awareness week that assembled key healthcare constituents – all with one goal in mind: advancing health through the best use of information technology.
This yearly event, with a projected 400 partners, brings this important cause to the forefront of the nation’s attention through local and regional events hosted by partners of National Health IT Week.
This is terrific and the programs that are going to be highlighted can be found at http://www.healthitweek.org/. Given the current state of healthcare cybersecurity, I would strongly suggest that HIMSS should also include something on the technologies and social best practices that can keep patient information and patient care devices safe.
Here are tips I really like from John Martinez of CoreRecon:
- Have a PlanEvery healthcare business that uses any IT resources, particularly those with point-of-sale systems (credit/debit cards), which are inherently more open to abuse, should have a solid cybersecurity plan in place and a reliable solution for promptly dealing with incidences as soon as they arise.
- Make Sure Your Systems Are CurrentThe world of computing is changing fast as software and hardware developers battle tirelessly against cybercriminals by releasing regular updates for their products. Many of these updates, particularly in the case of operating systems, address potential security flaws as soon as they arise.
- Change Passwords RegularlyChanging login passwords for networked computers as well as any online resources you use on a regular basis is a matter of good practice. However, it’s doubly important in the case of businesses or healthcare, particularly when employees come and go.
- Perform Regular Security Audits
Get into the habit of performing regular security audits of all potentially sensitive IT assets, such as computers, laptops, printers, cameras, routers, point-of-sale systems and servers.
- Prepare Your Staff
Safeguarding your business’s digital assets and Healthcare with Electronic Patient Medical Records is a major undertaking that should involve your whole team. In Healthcare the Office for Civil Rights (OCR) provides guidance of Security Management Process standard in the Security Rule
- Back Up RegularlyAlthough a good defense against cyberattacks is critical, the chance of becoming a victim will always be there, no matter how hard you try. You should prepare for the worst by regularly backing up sensitive data and having a disaster recovery plan to fall back on.
Prepare for the Worst
Ultimately, the statistics all show that even with all of these best practices, you are likely to have an attacker get into your networks. What to do then?
Attivo Networks solutions provide deception based threat detection that provide the much needed early detection of threats that have made their way inside the network. Deception techniques help healthcare organizations dramatically increase the speed in which in- network threats are uncovered, understand an attacker’s intent and establish a defense against future attacks. Attivo techniques are proven to detect threat actors attempting to gain access to patient records and information stored in data centers, medical devices used to treat patients. The solution will also provide visibility to threats that are infiltrating through bring-your-own-devices (BYOD) used by doctors and staff.
The Attivo ThreatMatrix™ solutions empower organizations with an advanced deception and response platform that delivers early detection, insight into attacker threat path vulnerabilities, in-depth analysis, forensic reporting, and automations that can dramatically improve an organizations incident response time. The ThreatMatrix Deception and Response Platform is designed for user networks, data centers, cloud, IoT, and SCADA environments and will turn the entire network into a mirror of deceptions and traps for attackers. The ThreatMatrix solution provides early detection of attackers that are inside the network, improving an organization’s time to detection (TTD) and the overall time to respond (TTR).
Protecting the medical/health care sector is most critical; it holds vital patient information that could mean the difference between life and death or at a minimum a severe inconvenience to patients as they combat the effects of stolen identity information. As this sector continues to be targeted, it is important to raise awareness and highlight the importance of protecting critical medical/health sector assets and to provide efficient and effective solutions to help prevent a breach and/or tampering with medical devices.
Initiatives like NHIT Week present the perfect opportunity to generate awareness not just for the use of IT but the protection of IT, paving the way for a more secure healthcare industry.