Important Cybersecurity Practices for Healthcare Organizations
With the increasing sophistication of attacks on health groups, IT professionals need to be alert. It is essential to understand the importance of adopting the best possible cybersecurity practices to protect healthcare organizations in the face of increasingly advanced cyber-threats. As cybersecurity needs to be prioritized to protect patient data, the following may prove useful.
Why Is Shadow IT So Common in Healthcare?
“Shadow IT departments are very common for academic medical centers due to the federated model of support for academics, research and patient care,” says Cris Ewell, CISO at University of Washington Medicine. Shadow IT deployments are common issues in many departments, including radiology, lab, finance and health information management, he says. In academic medical centers, those issues also extend to the university school of medicine and research IT departments, Ewell notes.
Securing IoT Devices in the Increasingly Connected Hospital System
However, a connected hospital doesn’t come without its own challenges. The Accenture report indicated that executives see the top two barriers — privacy concerns and legacy systems — as equal hindrances. These top two are only slightly ahead of the next three cited barriers: security concerns, technology immaturity and lack of budget. Despite all of this, inaction is not an option.
Healthcare CISO: ‘Hygiene and Patching Take You a Long Way’
You can’t protect everything. As a former national security adviser said, ‘If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds,’ [attributed to McGeorge Bundy, national security adviser to President Johnson and special assistant to President Kennedy]. You must understand what normal activities are and what your crown jewels are — and that takes a lot of time, effort and tuning.
Encryption & Controls: Reducing Insider Threats in Healthcare
Data from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR) suggests that personal information is vulnerable in healthcare – perhaps more so than other industries. The findings showed 58% of cyber security incidents in healthcare involved insiders. The insider motivation: 48% of the time it was financial gain. Some users sought data for fun/out of curiosity (31%), and convenience (10%). What’s more, 70% of cyber security incidents with malicious code were classified as ransomware attacks, suggesting that these strains remain a top concern for enterprise teams.
Insiders Pose Biggest Threat to Health Information Security, Report Finds
While unsettling, the large share of security incidents stemming from inside organizations is not a total surprise. A 2017 study by an international team of researchers found widespread sharing of EHR passwords among physicians and clinical support staff, putting patients’ personal health information at risk. Despite the media buzz around large-scale cyberattacks, hacking and malware accounted for just 14.8% and 10.8% of security incidents in healthcare. The most common cause was error, tripping 458 cases (33.5%). The next most common factor was unapproved or wrongful use of an organization’s resources (29.5%). Incidents involving missing laptops and other assets made up 16.3% of the incidents.
Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.