Increasing Healthcare Cybersecurity Risks

Uploaded on 2017-03-27 in NEWS-Cybersecurity News, TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Health & Welfare

As healthcare professionals and the organisations they work in become more connected through the use of IoT devices and BYOD strategies, then they must ensure that potential healthcare cybersecurity risks remain a top consideration.  

Failing to account for one endpoint device or having one employee click on a phishing scam email could lead to a large-scale data breach that causes headaches for both providers and patients.

In terms of healthcare cyber-security measures, employee education and comprehensive data security plans are increasingly being touted as key approaches for organisations to take.

At a recent cyber-security forum where Boston Children’s Hospital Senior Vice President and CIO Daniel Nigrin, M.D. discussed the cyber-security attack that happened at the hospital in 2014.

In that incident, Anonymous hackers posted certain BCH external website details that were not extremely sensitive, such as its IP address and web server infrastructure information.

While the hospital’s patient data was ever accessed, Boston Children’s had to shut down some of its Web pages and some patients and medical personnel were unable to access online accounts.

At the forum, Nigrin noted the importance of healthcare organisations implementing the necessary counter-measures, knowing which systems depend on internet access, and have contingency plans in place.

Furthermore, he said that entities must recognise how important email is to the organisation, and that alternate methods of communication should potentially be created.

Finally, security measures must be pushed through. There are no excuses, Nigrin stressed. For example, secure tele-conferences could be beneficial and organisations should make sure they know which threats are real.
Intermountain Healthcare CISO and Assistant Vice President of Information Systems Karl West also spoke at the forum, explaining that the demand for data access whenever and wherever has “increased productivity, but, at the same time, has elevated risk.”

Employees, contractors, and customers all pose the largest cybersecurity threat, he added, but education will be the best defense.

In a 2016 interview with HealthITSecurity.com, Robert Anderson, former executive assistant director of the FBI, also stressed the importance of employee education and proactive planning. Cyber-security measures must improve, he stated, especially when it comes to ransomware preparation.

Healthcare employees at all levels must be thoroughly educated on ransomware and how they need to react should an incident happen, Anderson explained. A proactive plan for what should happen after a ransomware attack must also be in place.

“The heads of the hospitals and the boards need to be educated on the different types of threats that face them in today’s IT and cyber environment,” Anderson stated.

“Most hospitals concentrate on being a hospital and taking care of people. But I think that in today’s world, if you’re running one of those institutions, you need to be very educated into exactly what the threats could be and have a proactive plan of what’s going to happen if you do get attacked.”

Insurance companies are also taking note of the increase in cyber-security risks across numerous industries.

Cyber-security is one of the top board level priorities among insurers, according to a recent Moody's Investors Service report. Specifically, companies have greatly expanded their cyber-security governance, oversight, and investments. There are also more frequent and formalised cybersecurity reporting to executive management and their boards.

“Among survey respondents, essentially all maintain incident response plans for multiple cyber intrusion scenarios, and most insurers test their vulnerability to these annually," Moody Senior Vice President Alan Murray said in a statement.

“Cyber-attacks can have serious tangible consequences for insurers, exposing them to legal actions, regulatory scrutiny, fines and other expenses. In addition, an insurer's reputation is at stake."
The survey also found that cyber-security employment has increased nearly 30 percent over the past three years. Insurers have also widely upped their use of out-sourcing for cost-effective, current tools and expertise in securing systems and data.

HealthITSecurity:

Healthcare Starts Spending Big On Cybersecurity:

Stolen Health Records Flooding Dark Web Markets:

British NHS Hospital Trust Under Cyber Attack:

 

« US Has A Secret Cyberwar Going Against North Korea
CIA Silent About Wikileaks Agency Files »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Kenexis

Kenexis

Kenexis is a consulting engineering firm providing services for process hazards analysis, fire and gas mapping, and industrial cybersecurity.

DCIT

DCIT

DCIT is a specialist in providing comprehensive consulting and auditing services in the field of information technology, PROVYS development software and security system AuditSquare.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

CTM360

CTM360

CTM360 is a unified external security platform offering 24x7x365 Cyber Threat Management for detecting and responding to cyber threats.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

ADGS

ADGS

ADGS is a deeptech company focused in the fields of Agent-Based simulations (Emergent Behavior), Cybersecurity and Biometrics, Social Dynamics, Natural Language Processing and Artificial Intelligence.

Nigerian Communications Commission (NCC)

Nigerian Communications Commission (NCC)

NCC has established a CSIRT for the telecommunication industry to provide services and support for the prevention and management of potential cyber security related emergencies.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.