There are two main reasons the healthcare industry should care about who provides their IT services: security and compliance. In hospitals alone, the number of connected devices per bed falls in the 10-15 range. While connected devices take healthcare services to the next level, they do pose potential problems from an IT perspective.
According to Arcserve’s 2018 data, “64 percent of global IT decision-makers agree that protecting business-critical data has not become easier over the past five years, despite efforts to adopt solutions to simplify and reduce costs.” What’s more, 93% of those same IT decision-makers say their organizations can only tolerate very minimal data loss from those applications, while only 26% of them feel their company could bounce back quickly enough to avoid damages.
With awareness growing around the lack of robust security for IoT devices, prioritizing device reliability should be at the forefront of your security plan. The trouble is that healthcare typically sets aside less budget for IT. Older tech eventually becomes weaker as developers prioritize patch updates for newer systems.
Combining outdated tech with the sheer number of devices in a concentrated area creates a playground for hackers. More devices = more opportunity for holes in security.
Where Hackers Look for Opportunities
Personal information theft in healthcare is incredibly lucrative to a hacker. The stolen records contain identifiable information, social security numbers, insurance accounts, financial information, and health records. Loss of this information creates an incredibly powerful motivation in victims to do anything to maintain access, making ransomware attacks all the more appealing.
Locking healthcare providers out of patient records can mean life or death for patients, so the payouts tend to happen quicker and at a higher price tag.
Here are just a few of the ways a security breach can affect your healthcare operations:
- Medication prescriptions can be lost
- Delayed ability to administer critical, life-saving drugs
- Medical research can become compromised
- Inability to access patient documents
- Inability to communicate across healthcare providers
Combat Information Theft
The best way to stop a problem is to prevent the opportunities that otherwise invite trouble. It’s wise to consider hiring a professional to assist in the security of your devices.
- Take inventory of all your devices. Know which ones are the most vulnerable and create a security plan.
- Segment your networks. This prevents a hacker from having access to all of your information at once by placing technical checkpoints that must be passed to reach more sensitive information.
- Apply patch updates when they come out. Patches are created to address holes the creator of the device finds to be security threats. Implement them without delay.
- Have a dedicated team to monitor your security. It takes a lot of coordination to manage healthcare companies. An internal IT team may not have the expertise or the power to combat the myriad threats in cyberspace.
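The first three steps above (inventory, segmentation, patching) can be checked together from a single device list. The following is an added example, not part of the original article: the segment policy, device names, addresses and dates are all constructed for illustration.

```python
import ipaddress
from datetime import date

# Constructed policy: each device class is assigned one network segment.
SEGMENT_POLICY = {
    "infusion_pump": ipaddress.ip_network("10.20.0.0/24"),
    "imaging":       ipaddress.ip_network("10.30.0.0/24"),
    "workstation":   ipaddress.ip_network("10.40.0.0/22"),
}

# Constructed inventory; dates are the release dates of the installed
# patch level and of the newest patch the vendor has published.
INVENTORY = [
    {"name": "pump-icu-01", "cls": "infusion_pump", "ip": "10.20.0.15",
     "installed": date(2024, 3, 1), "latest": date(2024, 3, 1)},
    {"name": "mri-02", "cls": "imaging", "ip": "10.40.1.7",
     "installed": date(2023, 6, 1), "latest": date(2024, 2, 1)},
    {"name": "pump-er-04", "cls": "infusion_pump", "ip": "10.20.0.22",
     "installed": date(2023, 11, 1), "latest": date(2024, 3, 1)},
    {"name": "badge-printer", "cls": "printer", "ip": "10.40.2.9",
     "installed": date(2024, 1, 5), "latest": date(2024, 1, 5)},
]

def audit_device(dev, today):
    """Return a list of findings for one inventory record."""
    findings = []
    segment = SEGMENT_POLICY.get(dev["cls"])
    if segment is None:
        # A device class nobody planned for has no checkpoint in front of it.
        findings.append("no segment assigned to this device class")
    elif ipaddress.ip_address(dev["ip"]) not in segment:
        findings.append(f"address {dev['ip']} is outside segment {segment}")
    if dev["installed"] < dev["latest"]:
        days = (today - dev["latest"]).days
        findings.append(f"patch outstanding for {days} days")
    return findings

def audit(inventory, today):
    """Audit every device; devices with the most findings come first."""
    results = [(d["name"], audit_device(d, today)) for d in inventory]
    return sorted(results, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 4, 1)):
        print(name, "->", findings or "ok")
```

Run against a real inventory export, the ordering gives a starting point for the security plan: devices that are both in the wrong segment and behind on patches surface first.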
In healthcare, compliance requirements are stringent with little room for error. Between HIPAA, the Social Security Act, False Claims Act, HITECH, Patient Protection and Affordable Care Act, Drug Enforcement Administration and FDA, and the Department of Health and Human Services, there’s a lot to manage before even thinking about how your devices play a role in each of those regulations.
Devices are becoming more ingrained in healthcare, which poses risks when you look at the data from the Ponemon Institute’s Medical Device Security Study.
- 60% of device makers and 49% of healthcare organizations say mobile device use is increasing security risks
- 80% of mobile device makers say they’re incredibly difficult to secure
- 61% of device makers and 65% of healthcare organizations do not encrypt data transmitted through devices
- Only 51% of device makers and 44% of healthcare organizations comply with FDA guidance on security protocol for devices
- 60% of device makers and 59% of healthcare organizations do not disclose security risk potential about devices to patients or practitioners
Currently, compliance is managed through training and through individuals within organizations who are designated to abide by regulatory standards. Devices are an entirely separate matter, one that’s not being given the level of priority it should be. Each device creates more attack points and ease of entry for hackers. But how do you manage all these devices? Can you afford to hire enough internal resources to account for the mass amounts of knowledge required to protect your entire organization?
The simplest solution is to find a managed service provider whose job is to know which forms of compliance apply to your business and how to implement and regulate that in your technology.
Don’t Forget Your People
It’s not just your technology that needs to be properly managed. According to Proofpoint’s The Human Factor 2018 report, the largest security (or compliance) threat comes from your employees. It’s easy to focus on technological security and overlook basic training tactics that will make your employees wise to hacktics.
Find out how in our article on employee cybersecurity training.