2021 Cybersecurity in healthcare

December 16, 2020 | Bindu Sundaresan

Breaches and cyberattacks are on the rise in the healthcare industry. The recent acceleration of digital technology and connectivity within healthcare has led to significant patient care delivery improvements, more effective population health management, and better patient outcomes. With this increased technology and connectivity, however, comes increased exposure to cyberattacks that can impact patient care delivery, safety, and privacy.

Diagnosis, prognosis and a prescription to help cure

Diagnosis:

  • Healthcare data is valuable on the black market
  • Connected medical devices are vulnerable
  • Medical data availability is as vital as confidentiality and integrity
  • Business associates and security risk (supply chain)
  • Compliance regulation scrutiny
  • Legacy systems (still using end-of-life operating systems)

Prognosis:

  • Threat intelligence information on healthcare
  • Future of telehealth in healthcare
  • Post-COVID threat landscape shift
  • Prescription for cure
  • Proactive best practices
  • Lessons learned based on current diagnosis
  • Digital risk management in healthcare

Prescription to help cure:

  • Verify that data is backed up frequently.
  • Frequently test restore procedures on randomly selected files.
  • Review the threat surface regularly or each time a system is implemented.
  • Require strong, complex passwords and change them at regular intervals.
  • Use only authorized software on the enterprise network environment.
  • Use the “Principle of Least Privilege” approach to user accounts and data access.
  • Establish controlled entry points for remote network or data access.
  • Implement network monitoring and benchmarks for “normal” activity.
  • Conduct tabletop exercises to test cybersecurity response plans.
  • Implement multi-factor authentication.
  • Ensure that file encryption utilities are enabled on portable user devices.
  • Keep an offline, off-premises backup to facilitate recovery if backups are compromised.
  • Segment the network.
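The first two items above (frequent backups, restore tests on randomly selected files) can be automated. The following is an added example, not part of the original post: it records SHA-256 hashes at backup time and later checks a random sample of restored files against them. The function names, the manifest layout, and the directory arguments are assumptions made for illustration.

```python
import hashlib
import random
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_root):
    """At backup time: map each file's relative path to its SHA-256 hash."""
    root = Path(source_root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in root.rglob("*")
        if path.is_file()
    }


def spot_check_restore(manifest, restored_root, sample_size, seed=None):
    """At test time: verify a random sample of restored files against the manifest.

    Comparing with hashes recorded at backup time (rather than with the live
    files) avoids false alarms for files that changed after the backup ran.
    """
    restored_root = Path(restored_root)
    rng = random.Random(seed)  # pass a seed only to make a test run repeatable
    names = sorted(manifest)
    sample = rng.sample(names, min(sample_size, len(names)))
    report = {"ok": [], "missing": [], "mismatch": []}
    for name in sorted(sample):
        restored = restored_root / name
        if not restored.is_file():
            report["missing"].append(name)      # file absent from the restore
        elif sha256_file(restored) != manifest[name]:
            report["mismatch"].append(name)     # restored content differs
        else:
            report["ok"].append(name)
    return report
```

Store the manifest separately from the backup itself, so that a compromised backup cannot also rewrite the hashes it is checked against.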

Healthcare information workflows

The flow of healthcare information follows the patient, starting at the doctor’s office, to laboratories, imaging centers, pharmacies, and other care facilities. This natural flow of medical records provides many points where information security must be considered and proper processes implemented. While extremely beneficial for patient healthcare, increasing interconnection also raises risks related to patient privacy and confidentiality. There is a heightened consumer awareness regarding the confidentiality of sensitive information. The potential impact of reported data breaches has caused consumers to expect and demand the protection of their personal health information.

As healthcare operations benefit from advancing technologies that promote information sharing, it is necessary to build and use the appropriate information protection framework to help preserve the integrity and protect the confidentiality of Protected Health Information (PHI).

Are you ready for an information protection framework focused on health information in 2021? Keep in mind all the different threat vectors and the eight security dimensions, as shown in the figure below.

[Figure: healthcare data breaches]


About the Author: Bindu Sundaresan

Director, AT&T Cybersecurity. Bindu Sundaresan is currently responsible for growing the security consulting competencies and integration with the AT&T Services and Product Offerings. Bindu is a security SME (subject matter expert) with the judgment and experience to right-size and customize information security solutions that both accommodate and enable business growth. She has worked to establish enterprise vision, strategies, and programs for Fortune 50 companies to ensure the confidentiality, integrity, and availability of information assets – thus protecting and enhancing multimillion/billion-dollar revenue streams.
