Written By Lucy Peters
The current global health crisis is doing more than wreaking physical havoc; it is also affecting data security, exposing potentially sensitive patient data and putting the efficient functioning of healthcare organizations at risk. In some parts of the world, there has been a 150% increase in cyber attacks in recent months, with the stress of the pandemic causing many organizations to lose sight of cyber security at a time in which it is most under threat from new advancements in AI and other technologies that make attacks swifter and wider in scope. What are the main threats to data security in the healthcare sector and what steps can be taken to reduce them?
Prior to the COVID-19 outbreak, many organizations – including the Oregon Department of Human (ODHS) Services – fell prey to phishing attacks. Indeed, the latter suffered a breach affecting some 645,000 patients, compromising over two million emails after just nine employees responded to a phishing email. In order to counter this threat, organizations need to rely on technology such as multi-factor authentication to prevent malicious emails from making it to employees’ inboxes. Employee training is equally important in preventing cyber attacks; in some organizations, simulated phishing software is being used to train and test employees’ abilities to respond to such a threat. Investing in training is a highly efficient way to combat a problem that is costing companies hundreds of billions of dollars every year.
Research by Egress has found that about 63% of healthcare data breaches are caused by human error, while around 20% are caused by sending information to the wrong recipient. The famous UW Medicine breach (which exposed the data of around 947,000 patients) was caused by a misconfigured server that made private documents accessible to the public. Healthcare organizations should set up identity access management rules to be followed strictly by staff. They should also implement controls covering the printing of sensitive documents. New content aware print management tech tracks information on who printed a document, where it was printed, and the contents of a document. This can boost compliance and minimize security breaches.
Research by MarketsandMarkets indicates that the cloud model is increasingly appealing for healthcare decision makers, as most organizations need solutions to deal with an exponential growth of patient data. The benefits of the cloud are indubitable, yet alongside them comes a host of new threats — including malware and ransom attacks. Solutions to the problem include performing regular backups (these should be stored offline or in a separate network from the main one), encryption, and the conduction of a full cyber risk assessment on all third party vendors and contractors.
The healthcare industry is increasingly relying on digital sources for the storing of sensitive data. Some of the main threats it faces include phishing, insider breaches, and cloud security issues. These can be tackled both through education of personnel and through the adoption of effective solutions such as efficient IT management services, a regular backup system, encryption, and the reliance on a professional IT team that is on the beat when it comes to new developments in cybersecurity threats – including AI-based threats.