3 Common cybersecurity weaknesses ailing hospitals

Healthcare companies and institutions are prime targets for identity theft schemes. Just think of the information your doctor’s office keeps on record, or the personal details about you that a hospital collects at “intake.” The U.S. Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act seeks to increase the security and protection for patients’ data including contact information, Social Security numbers, geographical identifiers, biometric information and more. However, if a third-party attacker can obtain that sensitive data, she gains the ability to completely alter the lives of individual patients – and the reputation of the institution.

Unfortunately, as DataGravity CISO Andrew Hay recently explained in a Q&A with Bloomberg BNA, “identity theft is a booming business.” Sensitive data extortion can fetch a major price tag, which paints a consistent target on the backs of hospitals, medical insurance firms, biopharmaceutical companies and healthcare research firms alike. In order to manage these ongoing risks and protect patient data, organizations in the healthcare space must be aware of common cybersecurity weaknesses, including:

  • Shared services, such as computers, mobile devices and data repositories, which can expedite information transfer while introducing security risks for the data in transit;
  • Network and Internet-connected medical devices, which increase the attackable surface area of a network; and
  • A lack of training and understanding of security requirements that concern personally identifiable information (PII) and protected health information (PHI).

With these weaknesses in mind, what steps can hospitals and healthcare firms take to increase protection for patient data? And, what can patients do to take security into their own hands, and better protect their own sensitive data?

For tips, download Andrew Hay’s interview with Bloomberg BNA.

  Like This
John Joseph

John Joseph

President and co-founder of DataGravity, John Joseph leads company’s sales, marketing, operations and customer initiatives. John previously served as vice president of marketing and product management at EqualLogic, leading these functions from the company's initial launch through the successful acquisition by Dell in 2008. He subsequently served as vice president of enterprise solutions, marketing at Dell for three years after the acquisition.