Part 3 in our healthcare breach series discusses broader tips you can apply to protect your organization.
Part one highlighted and discussed, “Recommendations for Closing IoT/IIoT/IoMT Security Gaps in Healthcare“. The second in the series highlights the broader errors in healthcare security.
Here are non-profit healthcare research firm ECRI’s full list of health technology hazards for the new year as stated by healthcare IT professionals:
- Cybersecurity attacks
- Supply chain shortfalls
- Damaged infusion pumps
- Inadequate emergency stockpiles
- Telehealth workflow and human factors shortcomings
- Failure to adhere to syringe pump best practices
- AI-based reconstruction
- Poor duodenoscope reprocessing ergonomics and workflows
- Disposable gowns with insufficient barrier protection
- Wi-Fi dropouts and dead zones
With Cybersecurity topping the list of serious concerns and issues, and attacks a near certainty, we offer tips to help you modernize your organizations people, processes and technology.
In 2020, most healthcare data breaches in the United States happened as a result of hacking or IT-related incidents. The number of such cases was 429. The next most common cause for data breaches was unauthorized access or disclosure, in 143 cases. Loss and improper disposal were the least common reasons of data breaches in the healthcare system of the United States in 2020. There were more data breaches of over 500 records in 2020 than ever before in the U.S. healthcare industry.
34% of Healthcare Data Breaches Come from Unauthorized Access or Disclosure
Visibility into access by both known and unknown users, intelligent interpretation of what activities are appropriate by user, and the fine-grained controls over blocking suspicious access and activity are critical in these times of sophisticated attacks.
Training staff has never been easier with web-based apps like Knowbe4. Documentation and processes are readily available on the web as well.
Keeping people, processes, and technology current on cyberthreats is key as healthcare IT departments continue to be stretched thin dealing with pandemic-related crises, which can often lead to routine security measures falling by the wayside, breaches going undetected for longer, and efforts to validate security of (and by) third-party partners falling short.
To shore up defenses, healthcare organizations need to establish a comprehensive risk management program and should classify their business associates by level of risk based on the type of data employees and third parties are able to access, geography, and department. Leading security platforms automate this key process for you, with several even integrating into SSO or Directory tools to accelerate setup.
Other steps organizations can take include establishing procedures and processes to vet third parties before granting them access to data, emphasizing security in any business agreement with third parties and working with cybersecurity companies for managed intrusion detection and response services.
Costs are High and Growing
By the end of 2020, security breaches cost $6 trillion dollars for healthcare companies. To add insult to injury, some hospitals even face legal action after restoring access to their network. Overall, 40,099,751 individuals’ records have been affected by exposures reported to the federal government so far this year.
There have been an 82% increase in cost in data leaks due to ransomware year on year.
To protect against ransomware and other cybersecurity risks, we recommend organizations adhere to zero trust principles, which consist of the motto “never trust, always verify.” It involves granting the least access necessary to perform a job.
Organizations should also deploy machine learning and advanced threat protection-enabled endpoint / XDR protection and other security.
A good number of security platforms, including WootCloud, natively incorporate Zero Trust principles, ML/AI, and monitoring capabilities to detect intrusion, persistence, AND exfiltration.
Our mission, like yours, is to provide your employees, students, faculty and more with a safe, user-friendly and secure environment by:
- Giving Full visibility – with RF and Network sensors seeing 100% of your devices and infrastructure encompassing all stages of attack – infiltration, persistence, and exfiltration
- Reducing Mean Time to Resolution (MTTR )– with AI/ML-powered, automated remediation that drives >70% reduction in threat hunting times
- Boosting User Experience – by reducing support ticket volumes, lowering alert noise for a >60% gain in operational efficiency (~1.4 FTE Service Savings per site/ per shift)
Each of these benefits on their own can offer 5-6 figure USD savings per year, shortening the payback period on your investment.
The perfect cybersecurity storm has arrived. Consider intelligent device and infrastructure security today.
To learn more in a zero touch, no obligation Demo or POC, please contact us.