Now more than ever, the healthcare industry is depending on internet-connected devices to improve patient care, organizational productivity, response time, and patient confidentiality. With the recent COVID-19 outbreak, the development of telemedicine and patient portal apps has come to the forefront in the industry. Along with digital health records and internet-connected medical devices, the healthcare industry has also never been more vulnerable to a cyber-attack.
As the global epidemic spread across the nation, doctors, dentists, and other medical professionals such as therapists were forced to rely on online visits with their patients. The increase in virtual appointments also brings new concerns of patient confidentiality. Patients want to know how safe is the information shared during these online visits. Are cybercriminals able to steal their personal information? Unfortunate, the answer is yes. The healthcare industry is vulnerable just as is any other industry. However, there are steps healthcare providers can take to protect patient privacy during virtual visits.
What are the privacy risks associated with internet connected healthcare?
With virtual visits becoming more common place, cyber criminals are licking their chops. Hackers look to take advantage of these opportunities by stealing the private medical and billing information of patients. Cybercriminals could try intercepting emails or video chats with information about preexisting conditions or personal problems you may be having. Once the information is obtained, they could potentially sell it on the dark web, use it for blackmail, or sell it to drug manufacturers who overload customers with advertisements.
Healthcare records are particularly valuable on black markets due to the information they contain can be used to steal your identity. The information they hold might consist of your birth date, Social Security number, medical conditions, height, weight, home address, and even a picture of you. Hackers can use this information to take out credit cards or loans in your name.
Providers may give their patients the option of ending their virtual visit by receiving health records through email or the medical provider’s online portal. Hackers may be able to steal the contents of your email messages or track the keystrokes you use to log onto your medical provider’s online portal. Just as medical providers are required to protect user information, so are all business entities.
5 Ways to Secure Your Healthcare Connected Devices
- Control everything that connects into your network. Managing network segmentation can help with risk mitigation and controlling a breach if one does occur. Network visibility is critical. And, in so many cases, the network acts as your key security mechanism to stop the spread of an attack. Network intelligence, scanners, and security solutions can all help reduce the risk of an attack or breach.
- Create security based on context and layers. Your security platform must work for you and question devices coming in to really understand where they’re coming from. When it comes to IoT and connected devices, contextual security can help isolate IoT solutions to their own network. Set up policies to monitor anomalous behavior and even traffic patterns. Set up additional filters for extra security; like shutting the network segment down if there’s a sudden rise in traffic.
- Centralize and segment connected devices. If you’re going to work with IoT and connected devices, create a separate network, monitor those devices properly, and set monitors to make sure you can manage all these connected tools and use IoT aggregation hubs that help further the control of devices.
- Align users and the business when it comes to more connected devices in healthcare. Ensure there is complete alignment between business and IT leadership units. This is the best way to gain the most value out of these devices and ensure you don’t fall into an IoT device hole.
- Always test your systems and maintain visibility. Never lose sight of your devices and build a good monitoring platform. The more things that connect into the network the harder it will be to monitor them all.
A plan for guarding against ransomware in the healthcare industry
So, what can hospitals, medical centers, dentists, and other healthcare providers do to guard against the threat of cyber-attack? Here is a simple five-point plan that will go a long way to helping healthcare professionals secure their defenses.
Stay up to date
Make sure that servers and PCs are up to date with the latest operating systems and antivirus solutions.
Retire unused IT assets
Consider if older machines, which are beyond updates or support, could be replaced or retired. The cost of doing so, and inconvenience of replacing older equipment will probably be less than the impact of a data breach.
Make sure everyone in the organization is familiar with ransomware methods and can recognize attempts to gain password credentials or circulate harmful links and attachments. Hospitals employ so many different and diverse professionals, covering a multitude of functions, that there needs to be a culture of vigilance across the entire organization.
Be prepared for an attack
Use different credentials for accessing backup storage and maybe even a mixture of file systems to isolate different parts of your infrastructure to slow the spread of ransomware. Healthcare organizations that follow the “1-10-60” rule of cybersecurity will be better placed to neutralize the threat of a hostile adversary before it can leave its initial entry point. The most cyber-prepared healthcare agencies should aim to detect an intrusion in under a minute, perform a full investigation in under 10 minutes, and eradicate the adversary from the environment in under an hour.
Create an Airgap
Three copies of your data, on at least two different media, with one stored offsite (e.g. cloud or tape) and one stored offline (e.g. tape). Having your data behind a physical air gap creates perhaps the most formidable barrier against ransomware. Tape can greatly speed up your recovery in the hours and days that follow an attack, especially if your primary backups have been disrupted. Tape is also supremely efficient for storing huge amounts of infrequently accessed medical records for a very long time. Tapes can also be encrypted so that even if they did fall into the wrong hands, it would be impossible for thieves to access or use the data.