Well-established cybersecurity vendors like Trend Micro have long had something of a dual role in the industry. On the one hand, we work tirelessly around the clock and across the globe to keep businesses, governments and consumers safe from the latest security threats. But on the other, we’re also working to better educate those individuals and organizations about the threat landscape – to make the world a safer place in which to exchange digital information.
Healthcare is a focus for us right now on both counts. It’s a sector increasingly targeted by cybercriminals but also one in which some organizations have been slow to react to the threat of data breaches of Patient Health Information (PHI).
Healthcare records represent an extremely attractive target for cybercriminals because they hold various pieces of sensitive information, such as Social Security numbers, all in one place. This treasure trove of data can fetch a high price on the underground markets of the dark web, as it gives cybercriminals a greater chance of success in identity fraud campaigns. Given the value of this data, it is clear why the Identity Theft Resource Center’s latest 2014 Data Breach Category Summary found that healthcare accounted for 43 percent of all breaches year-to-date.
With this kind of backdrop, it’s not surprising that the non-profit ECRI Institute listed “data integrity failures with health IT systems” as its number one patient safety concern for 2014. When you see that this came above even drug shortages or test result reporting errors, it’s obviously a serious issue.
The challenge for IT and security professionals working in healthcare is that they must improve data protection without impeding healthcare professionals’ speedy access to potentially life-saving patient information. Combined with the sheer size and complexity of many hospital IT environments, it’s certainly an uphill task, but it’s not an impossible one.
Here’s a brief list of some key challenges facing health IT workers:
- BYOD, Big Data, Internet of Everything
- Incident Response – Cyber Disaster Recovery
- Virtual Desktop Infrastructure – Mobile Computing
- Access Control
- PHI DLP
- Application Vulnerabilities (legacy and new)
With the attacks themselves getting more covert, targeted and insidious, health IT workers will have to up their game to minimize the risk of more damaging PHI losses. In the next two blog posts, we’ll explore how threat intelligence and a few key best practice steps can help.