Birthdates, addresses, treatment histories, payment information—healthcare organizations collect an ever-growing variety of data. Protecting that data is paramount as healthcare security threats evolve and threat actors grow bolder. Even with the most sophisticated technical protections in place, human error can create security vulnerabilities that are all too easy for cyber criminals to exploit.
The healthcare security threat landscape
Verizon’s 2020 Data Breach Investigations Report deconstructed 798 healthcare security incidents in 2020, of which 521 resulted in the disclosure of sensitive patient data. And not all of the attacks came from external culprits: 48% of them came from inside the organization. Some “insider attacks” were intentional (employees abusing their access privileges), and some were accidental because of poorly designed processes.
Ransomware, though, is the biggest threat in healthcare security, and it will only become more pronounced as more devices connect to networks. The Healthcare Information and Management Systems Society reports that credential-stealing software, phishing emails, distributed denial-of-service attacks and remote-access trojans are also pressing healthcare data security risks, especially in an era where remote work is the norm.
Even as it helps drive innovation and better care, new technology can open the door to new threats. Emerging technologies such as 5G collect and transport data more efficiently. 5G reduces latency, increases reliability and performance, and when paired with artificial intelligence can accelerate security automation efforts. But 5G-enabled applications and devices can also open up additional attack vectors and entry points if organizations do not have robust threat detection and incident response strategies in place.
Facing the healthcare data security risks
Healthcare organizations can better prepare for new threats by securing their networks, monitoring endpoint and mobile device security, strengthening identity access management and implementing robust data governance strategies that dictate who can access data, when they can access it and what they can use it for.
Network, endpoint and mobile device security are critical as hospitals and healthcare data security systems embrace telehealth. IT teams will need a holistic view of every device and third-party system trying to access their networks, and they will need to adopt a unified approach to enterprise security.
Interoperable security solutions that provide an end-to-end view of network activity from a single dashboard can help healthcare IT teams strengthen their security operations. Thorough acceptable use policies, continuous vulnerability testing and risk assessments, better vendor management and ongoing employee training can also go a long way toward mitigating threats.