Before we were even halfway through 2015, pundits had begun referring to it as the year of the health care breaches. And while no cyberthreat has garnered quite as much attention in 2016 as ransomware, health care organizations were actually hit harder this year than last.
According to Infosecurity contributor Tara Seals, the number of HIPAA data breaches rose 63 percent in 2016. Perhaps even more telling is that health care breaches have increased 300 percent overall in the last three years. Let’s take a look at why this is happening, and what can be done about it:
Wireless Endpoints Are Partially to Blame
The main reason hackers target health care in the first place is that these institutions store a vast wealth of personally identifiable information (names, addresses, contact information, Social Security numbers and payment card data). The other key motivation for cybercriminals is extortion, since attackers are well aware of the stakes involved with disabling a medical facility’s IT capabilities. Those parts of the equation haven’t changed, but cybersecurity perimeters most certainly have.
Every new wirelessly connected medical device that is deployed for the sake of enhanced patient care can also be exploited for network access. This includes computers on wheels used in hospitals, but also laptops, tablets, smartphones and even Internet-of-Things medical devices such as dialysis machines.
As mobile endpoints continue to become more central to patient care, protecting them from attackers must be a top priority; otherwise, we’re likely to see ongoing growth in the total number of intrusions suffered by the health care sector.
Better Device Management: A Big Step in the Right Direction
The use of wireless endpoints for medical purposes necessitates better device management.
Computers and other endpoints – whether used strictly for administrative purposes, patient care or medical procedures – require meticulous management. While perimeter security will always be a critical aspect of cybersecurity, the set-and-forget approach to protection isn’t enough to guard health care against intrusions.
What the industry needs now is a way to more holistically understand and manage its computing environment. This entails the deployment of active antivirus protection for desktops and laptops that constantly runs in the background. More importantly, health care institutions must use computer management software that allows them to do the following:
- Manage user access.
- Collect and analyze data pertaining to endpoint user sessions.
- Oversee software updates from a single dashboard.
- Provide a fast and easy way to remediate configuration drift.