Healthcare is now the #1 target of cyberattacks in the US. According to the US Department of Health and Human Services, more than 111 million people had their personal information compromised by hacking in 2015, a 6,100% increase over 2014. Now that protected health information (PHI) is the target of extremely advanced persistent threats, organizations need a more sophisticated approach to security – one that eliminates as many vulnerabilities as possible.
At IIS Technology, we recommend a holistic approach to security. That means implementing protections for every layer in the IT Solution Stack – from the devices used to access and collect information to the systems that store it across the organization.
Healthcare institutions now use a greater number of mobile devices, connected lab equipment, patient sensors and more to provide care. This increase in mobility and IoT integration has created a number of vulnerabilities that must be secured. Strong access control and authentication policies, coupled with IDS/IPS solutions and anti-malware and antivirus software, help mitigate risk at this level.
Traditionally, hackers aimed DDoS and other attack vectors at networks to create a pathway to PHI. At this layer, patching is almost as important as the technologies used to preempt attacks – firewalls, intrusion prevention systems and web URL filtering solutions. While 95% of IT security spending focuses on perimeter security, today this is not a sufficient deterrent against attack, nor does it provide the highest ROI.
As sophisticated hackers maneuver through the network, they typically target routers, switches, DNS servers and authentication systems for the credentials they need to access sensitive data. In 2015, network servers in healthcare organizations were targeted over 100 million times. We recommend strengthening authentication, authorization and accounting policies across the infrastructure. To detect malicious activity at this level, it’s important to aggregate threat information with a security information and event management (SIEM) solution and implement analytics to detect the anomalies that betray unauthorized intrusion.
Today, 80% of breaches begin with hackers exploiting vulnerabilities in applications and operating systems. They currently use an unprecedented volume of malware, viruses and worms to create weaknesses in the full spectrum of applications deployed in healthcare organizations. Here, keeping up with patches is critical. However, it’s also important to actively test applications for weaknesses because cybercriminals change tactics as they find new ways to obtain PHI data.
In 2015, attacks on EMR data increased by more than 3,100%. With PHI data being the ultimate goal of most cyberattacks, it’s important to make sure that it cannot be used even if hackers manage to exfiltrate it. That means encrypting the data when it’s at rest and in motion.
Today, personal information for one in three Americans has been compromised because their healthcare companies couldn’t adequately secure it. Because PHI is now more valuable than payment card information, healthcare organizations will continue to face an evolving threat landscape and an ever-increasing number of attacks. Only a complete security assessment can expose potential vulnerabilities and ensure that IT systems are protected at every level.
As a Hewlett Packard Enterprise (HPE) Platinum Partner, we have the expertise needed to detect vulnerabilities and recommend best-in-class security technologies to mitigate risks. Don’t let cybercriminals looking for a quick payoff create compliance issues – contact us for a security assessment today.