Over 400 New Jersey Auctions End Tomorrow 04/25 - Bid Now
Over 1650 Total Lots Up For Auction at Four Locations - MA 04/30, NJ Cleansweep 05/02, TX 05/06, NJ 05/08

Spanish Spanish

Health care leaders need to rethink cybersecurity approach

by John W. Mitchell, Senior Correspondent | March 03, 2017
Health IT HIMSS
Share
According to information presented at HIMSS last week, nearly six billion private records have been lost globally to data breaches since 2013. Health care accounted for 27 percent of such losses, more than any other industry.

In 2016, the health care industry averaged about four data breaches a week, according to records from the Department of Health and Human Resources. Although ransom malware attacks only account for a little less than half of the breaches, they wound up costing $1 billion in 2016.

"Hospitals still rely on real-time information from patient records to provide critical care," Christopher Strand, senior director, compliance at Carbon Black told HCB News. "As a result, they will typically pay the demand rather than risk disruption or delay of care. This makes them easy targets for a successful ransom attack."

Strand said both ransomware and non-ransomware data attacks occur because health care leaders are often focused on the wrong parameters. His observation is supported by a 2016 study, titled "Securing Hospitals". The study was conducted on 12 health care facilities, two health care data facilities, two active medical devices from one manufacturer, two web applications, and other related platforms.

The study concluded that "the industry focuses almost exclusively on the protection of patient health records, and rarely addresses threats to, or protection of, patient health from a cyber threat perspective."

"Leaders may continue to fail to understand the threat, and what controls to focus on to address that threat," said Strand. " As I have seen for many years within IT security audits, when deciding on priorities and infrastructure to address, executives and administrators will drift toward the areas within their business that are governed by some type of mandate."

He explained that the focus tends to be on legislated policy rather than on the protection of patient information. This involves security audits, which can be the first failure in protection if done incorrectly and serve as a distraction from building a true threat prevention model. Too often, Strand stressed, many working within the health care industry may be unaware of how to measure risk to their critical data.
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal
Teleradiology company and CEO admit to unlawful billing, will pay $3.1 million
How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
IONIC Health, GE HealthCare announce 510(k)-clearance of nCommand Lite System for multi-vendor, remote imaging
Field service technicians: Unsung heroes in maintaining efficiency and reducing headaches in hospital networks
HHS opens probe into role Change Healthcare may have played in cyberattack
Philips and AWS unveil pathology cloud data storing initiative at HIMSS
PE firm Frazier HealthCare Partners acquires RevSpring from GTCR
Ransomware attackers claim they sold Lurie Children's Hospital data for $3.4 million on dark web