June 3, 2016 • Published by Steve Robb
Internet of Things • Network Security • Vulnerability Management
2015 became known as “the year of the healthcare breach,” with healthcare hit hard and representing over 39 percent of known breach events. Since that time, cyber criminals have not let up. Healthcare organizations of every size are realizing they can no longer afford to ignore the risks they are exposed to on a daily basis.
It's critical that today's healthcare organizations protect patient data, yet adoption of new technologies and the rapid digitization of patient data have outpaced their ability to secure the data these technologies come into contact with. Like many industries, healthcare has gradually been working to catch up.
The Internet of Things (IoT) has increased our security problems by multiplying the number of accessible endpoints, creating an opportunity for people who want to creep into our systems and get access to our information. Nowadays virtually anything can be hacked; basically, if it attaches to the network to transmit data, the bad guys can get to it if they want to badly enough.
The healthcare industry in particular falls into the category where a lot of technology is being connected to the Internet to enable continuous monitoring, analysis and transmission of data. This system is undeniably beneficial to medical practitioners, especially because it provides a much more complete picture of what’s happening with the patient.
But again, the downside is that the Internet is accessible by anyone, anywhere in the world—and that includes the bad actors. This reality has made healthcare cybersecurity a moving target, in that healthcare organizations can't at any point in time say "now we're secure and can move on with our day-to-day activities." Cybersecurity is a day-to-day activity and must become an integral part of “business as usual.”
The influx of new technology and its potential to facilitate security breaches has become increasingly difficult to keep up with. It's essential that IT leaders understand how to classify the assets they are trying to protect. In other words, you have to know what the sensitive data is, where it is and how it flows through your organization's systems and processes.
But it doesn't end there. Recently I sat down with C.W. Hall and Jay Shaffer of Health Connect South Radio to talk about the issues surrounding healthcare cybersecurity. We covered a lot of ground, including the important aspects of various security and compliance controls like multi-factor authentication and network segmentation. We also discussed the benefits of performing regular security risk assessments as well as other strategies for putting strong security measures in place.
If your healthcare organization is struggling to shore up its cybersecurity efforts, ControlScan can help. Click here to learn more about the ControlScan | Health solution, a specialized grouping of technologies and services to help your business raise its security posture while simplifying the compliance process.