Cybersecurity is a pressing concern for every business. Even as the tools to prevent cyber attacks become more sophisticated, new kinds of threats and vulnerabilities emerge. It’s an arms race between hackers and defenders of private data, and it’s particularly acute in healthcare.
Electronic healthcare records have become one of the most sought after targets for cyber criminals, from state-sponsored espionage to run-of-the-mill hackers.
- The largest single healthcare security breach in the United States, in which 80 million patient records were downloaded from Anthem Blue Cross by hackers who had gained access through a phishing email, was perpetrated by a group with close ties to the Chinese government.
- One of the largest ransomware attacks was perpetrated by hackers who gained control of the Hollywood Presbyterian Medical Center network, shut down EHR access, and demanded $3M in ransom before care providers could regain access to patient records to continue treatment.
These two examples alone illustrate the range of threat vectors, from state actors to anonymous criminal gangs. There are as many motivations to steal patient records as there are ways to access them, creating a growing battle between healthcare administrators and cyber criminals.
Unfortunately, most healthcare providers are not catching up to the threats, even though they’re investing more time and resources to the effort. Recent studies show that less than half of healthcare IT professionals know how their organizations would respond to a ransomware demand, and less than a third have developed a Security Operations Center to organize their defenses.
So how do healthcare providers protect themselves in an era of accelerating threats?
The short answer is: holistically. You can’t just secure endpoints or build a wall around data storage and call it a day. It’s critical that security is addressed across all IT operations, from network infrastructure, through applications and endpoints, and out to all employees who access systems and data.
The good news is that the growing adoption of cloud systems and services does simplify some of these efforts by centralizing many points of data storage and access. The use of Thin Clients and Virtual Desktop infrastructure is another promising step toward improved security, reducing the number of systems capable of hosting certain types of malware, and limiting access to embedded controls on computers open to many users—for example at nursing stations or in exam rooms.
Red8 is a leader in network infrastructure and cloud systems and cybersecurity has always been a core function of our system architecture and operations. We address cybersecurity with our customers every day, and partner with leading equipment manufacturers and software providers to deploy the most advanced security systems available to meet emerging threats. If you need a security assessment to plan for the future, or you need advice on dealing with an active threat, email us at info@red8.com.