3 Common cybersecurity weaknesses ailing hospitals
Healthcare companies and institutions are prime targets for identity theft schemes. Just think of the information your doctor’s office keeps on record, or the personal details about you that a hospital collects at “intake.” The U.S. Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act seeks to increase the security and protection for patients’ data including contact information, Social Security numbers, geographical identifiers, biometric information and more. However, if a third-party attacker can obtain that sensitive data, she gains the ability to completely alter the lives of individual patients – and the reputation of the institution.
Unfortunately, as DataGravity CISO Andrew Hay recently explained in a Q&A with Bloomberg BNA, “identity theft is a booming business.” Sensitive data extortion can fetch a major price tag, which paints a consistent target on the backs of hospitals, medical insurance firms, biopharmaceutical companies and healthcare research firms alike. In order to manage these ongoing risks and protect patient data, organizations in the healthcare space must be aware of common cybersecurity weaknesses, including:
- Shared services, such as computers, mobile devices and data repositories, which can expedite information transfer while introducing security risks for the data in transit;
- Network and Internet-connected medical devices, which increase the attackable surface area of a network; and
- A lack of training and understanding of security requirements that concern personally identifiable information (PII) and protected health information (PHI).
With these weaknesses in mind, what steps can hospitals and healthcare firms take to increase protection for patient data? And, what can patients do to take security into their own hands, and better protect their own sensitive data?
For tips, download Andrew Hay’s interview with Bloomberg BNA.Like This