The internet of things has transformed the healthcare sector allowing practitioners to easily share information and deliver personalised treatments. Yet many experts in the security industry believe that of all the industries facing serious cyber threats, healthcare is possibly the most at risk. That’s because relatively speaking, healthcare organisations are still behind when it comes to security defences.
It’s also well-documented that external attackers have set their sights on protected health information (PHI). The value of medical records on the black market is at least 10 times higher than credit card data. Why? PHI contains more personal data points and cannot just be reissued in the event of a problem. Bank account details and passwords can be changed following a breach; but information about allergies, disabilities, mental health or hereditary conditions can’t. So securing this data and a healthcare institution from these calculated threats should be a top priority.
The nature of healthcare requires that organisations within this sector keep highly sensitive patient data on file. Doctors need to have this information to make informed decisions about patients, and the ability to easily share this information within a healthcare network has resulted in significant advancements in the way patients are treated. Personal and medical details are also used by staff who handle post care activities from post-op follow-up to billing. This reduces the admin involved and makes it a far more efficient experience for patients.
However, without the right security in place this data is left exposed to external threats, as malicious actors use targeted threats to infiltrate networks. Healthcare institutions need to have a cyber resilience strategy in place. This will help them defend against threats such as ransomware, allow continuous access to critical applications during an attack and provide the ability to recover data after a threat is neutralised. Equally important is making sure the organisation is insulated from mistakes by both well-meaning employees and malicious insiders. With the ubiquity of email, it’s not uncommon to find a breach where employees accidentally attach a spreadsheet or document containing PHI. A mistake like this could result in personal harm or defamation and will have severe implications for healthcare professionals.
- The author is managing director, Mimecast MEA