At Trend Micro, we’ve been trying to draw attention to the growing cyber security threat facing healthcare organizations for some time now. With recent cyber-criminal targeting of healthcare organizations, it seems like a pretty good time to revisit our advice for others in the industry who want to stay secure on their journey to the cloud.
A threatening landscape
First let’s look at why this industry is so exposed right now. Patient data typically flows through multiple systems, across multiple entities and security domains. These could include patient portals, doctors’ Electronic Health Records systems, medical devices, hospital data management systems, government health exchanges, and even POS systems. Patient data is on a constant journey, which also means there are potentially multiple points of weakness that could be targeted.
Add to this a current landscape in which hackers have access to readily available, relatively cheap targeted attack toolkits; a healthcare industry which has historically under-invested in security tools; and a high black market demand for confidential patient data, and you’re beginning to see a perfect storm for data breaches. It doesn’t help that healthcare IT leaders have to manage an increasingly complex mish-mash of new and legacy systems, on-premise and cloud environments, and a growing list of consultants, IoT providers and others.
With that backdrop, it’s perhaps not surprising that 42.5 percent of data breaches reported by the Identity Theft Resource Center last year came in the medical/healthcare sector – the most of any industry.
Five Ways to Secure Data
But help is at hand. There are a five simple steps healthcare IT teams can take to keep that all-important patient data safe.
- Keep legacy systems secure: Windows Server 2003 will reach end of life in July. Although you might be delaying migration because of cost, complexity and lack of resources, it will leave you exposed to new threats exploiting unpatched flaws. Deep Security can offer virtual patching to protect mission critical systems until you can migrate.
- Protect patient portals/data centers/medical records systems: Wherever data is – on-premise, cloud, or in virtualized or hybrid environments – it must be protected. Our Cloud & Data Center Security Solution can help.
- Detect/prevent breaches: Targeted attacks can breach your organization without ever alerting traditional early warning and defense systems. Fail to spot an incursion, and you could be hit with industry fines, reputation damage and legal costs. Trend Micro Custom Defense solution can spot and respond to anomalies in the network that might signal a targeted attack.
- Protect healthcare information on endpoints: Your organization could have patient information residing on mobile devices, laptops and multiple virtual and physical endpoints. The more endpoints, the greater the risk surface. Data loss is the number one cause of healthcare incidents so consider Trend Micro Complete User Protection to protect all your endpoints.
- Meet compliance needs: The healthcare compliance framework is complex, with multiple frameworks and standards that need to be adhered to from a cybersecurity perspective, including HIPAA, HITECH, and PCI DSS.
If you’re attending the HIMSS Annual Conference in Chicago April 12-16, stop by booth no. 7348 to speak to our experts about how Trend Micro solutions can help secure your healthcare data.
We invite you to attend our Lunch-and-Learn session at the conference about strategies to detect and respond to targeted attacks:
April 15, 2015 at 12:30 p.m.
McCormick Place Convention Center, Room S504 BC
Click here to learn more about how we can help you secure your healthcare environment.