Cybersecurity Concerns In the Age of Digital Health

Guest post by Eduard Goodman, chief privacy officer, IDT911.

Eduard Goodman
Eduard Goodman

Earlier this year, Centene Corporation lost six hard drives containing personal and health information of almost one million of its clients, including names, addresses, dates of birth, Social Security numbers, member identification numbers and health information. Unfortunately, Centene is only one of many healthcare organizations that recently had their sensitive patient information exposed. More than 113 million health records were breached in 2015 – which translates to one out of every three Americans being affected by a healthcare record breach last year. Medical identity theft is a disastrous trend that needs to be addressed. The good news is there are many steps healthcare organizations can take to reduce the risk of data breaches.

Electronic Health Records

As more and more healthcare organizations transition away from paper medical records and move to electronic health records, it is critical that security features are put in place to protect the vast amount of data being collected. Just as the digitally stored health information is more easily accessible for employees, it is also easier for cyber criminals to access.  According to the Ponemon Institute’s The State of Cybersecurity in Healthcare Organizations in 2016 report, nearly half of those surveyed said their organizations have experienced an incident involving the loss or exposure of patient information during the last year. Strong encryption, routine vulnerability patches and multi-factor authentication are key to protect health data.

Mobile and BYOD

Greater connectivity means more convenience, but this also opens more doors for hackers to access healthcare networks. Healthcare organizations should set clear BYOD policies so employees understand what can and cannot be accessed from mobile devices, what operating systems are approved for use on the network, what security features and settings are required and what type of data can be stored on devices. While using mobile devices can significantly improve productivity, it is important to minimize security risks in order to protect sensitive data.

Internet of Things

The Internet of Things is a growing trend in the tech world that has also become popular in the healthcare industry. Now, medical devices can collect, track and share enormous amounts of data instantly through internet connectivity. As these medical devices were most likely added to pre-existing networks, they may not have the necessary security protections. Security vulnerabilities are not just limited to EHR and health networks anymore – medical devices must be thoroughly inspected as well. Just as computers and servers are patched for vulnerabilities, medical devices that connect to healthcare networks must also be regularly patched. If these IoT enabled devices do not have the necessary layers of security, they will become an easy target for hackers to access the healthcare network.

Continue Reading

Healthcare Records: A Hacker’s Roadmap to your Life

Healthcare Records: A Hacker’s Roadmap to your Life
Alex Horan

Guest post by Alex Horan is the senior product manager at CORE Security.

In 2012 we saw an increasing number of health breaches across the country – and across continents. We saw an employee’s lost laptop turn into a healthcare records breach of more than 2,000 sensitive medical records of Boston Children’s Hospital patients. We heard how one weak password allowed a hacker to access the Utah Department of Technology Services’ server and steal approximately 780,000 patients’ health and personal information. We even read about Russian hackers encrypting thousands of patient health records and holding the information for ransom for thousands of dollars.

Healthcare fraud or medical identity theft put both individuals and healthcare organizations at huge and severe risk. Since 2010, Ponemon Institute has annually benchmarked the progressing and evolving issues of patient privacy and security. The third annual study, released in December 2012, found that healthcare organizations still face an uphill battle in their efforts to stop and reduce the loss or theft of protected health information (PHI) and patient records. What’s more, data breaches can have severe economic consequences – and the repercussion costs are only climbing. The study estimates the average price tag for dealing with breaches has increased from $2.1 million in 2010 to $2.4 million in 2012. The report projects that the economic impact of continuous breaches and medical identity theft could be as high as $7 billion annually, for the healthcare industry alone.

Continue Reading