Healthcare organizations are a prime target for hackers. Here are some ways to protect your business.
At this year’s HIMSS conference, security was the hottest topic by far. And the consensus was that healthcare CIOs are fighting a losing battle against today’s hackers.
Unfortunately, when it comes to data breaches and cyberattacks, healthcare organizations are a prime target. Why are healthcare systems so targeted? A few reasons: 1) their IT infrastructure tends to be older and connected in lots of ways that create convenient attack surfaces, 2) shrinking IT staff combined with end-of-life equipment exposes vulnerabilities, and 3) budgetary limitations and the requirement to share patient information with relevant groups create IT constraints.
Recently, large security studies by Experian and IBM have indicated that attacks on hospitals and other healthcare organizations have now impacted 80%-90% of the industry – and that number is only expected to grow.
So where does that leave healthcare organizations that are struggling to invest in cutting-edge IT infrastructure to protect against these sophisticated cyberattacks?
Steps you can take to protect your healthcare business
Luckily, there’s a silver lining. If you partner with a highly security-conscious cloud-based service provider, you probably have access to the same tools that most security studies strongly recommend be fully implemented. It’s also worth noting that the target in most attacks appears to be identities (name, SSN, DOB, email), not medical history, making this relevant for any organization that stores information about customers’ identities.
Here are the primary attack vehicles that have been reported and what you can do to safeguard against them:
- Stop them from phishing for a back door and train users to look for these emails. In the past, users could avoid phishing scams by simply checking the destination of links before clicking them, or only opening links sent from known sources. Unfortunately, today’s phishing attacks are much more sophisticated. Anti-virus and anti-malware protection is a requirement, but it needs to be backed up by elevated user awareness and by having secure backups.
- Add an additional layer of security for logins. Even if your login credentials are stolen, having another layer of ID verification can help protect against unauthorized access. This is where two-factor authentication (2FA) comes into play. With 2FA, users are required to pass a second identity verification test to log in, usually in the form of a code that’s generated through a text or within an app. This makes it much harder for an attacker to be successful. Intermedia provides this for our customers through AppID.
- Encrypt important information. Scrambling sensitive data is the next option, so that reading the data requires a different (and additional) set of authentication credentials. Files can also be encrypted with disk, device or application passwords. Intermedia provides several encryption mechanisms, including secure (encrypted) file sharing and encrypted email to protect transmitted documents.
- Apply updates and patches to all connected systems. Some CIOs are scanning their own networks using the same tools as hackers to identify vulnerabilities. The Intermedia security team is constantly monitoring all systems and access points as part of our commitment to providing real-time security for our audited SSAE 16 Type II standard datacenters. And that’s in addition to SOC 2 audits.
Choose a cloud provider with enterprise-class security and reliability
Discover how Intermedia’s healthcare solutions can help safeguard your company against potential breaches by visiting our website. Or give us a call at 800-379-7729 to learn more.