Week 3
2017 Cybersecurity Threats
Cybersecurity trends and themes impacting the healthcare delivery system remain the bane of C-suite managers in the healthcare sector. In 2016, the sector recorded one data compromise per day. On March 20, 2017, 1,300 e-PHI were compromised at UNC (University of North Carolina) Health Care System (Daitch, H., Identity Force, 2017). HealthCare Dive identified four main areas of vulnerability that senior managers in the sector have to be concerned with:
• Poor cybersecurity practices – some organizations do not follow best practices, owing to poor information security awareness and education, a lack of cultural attitude, or the cost of complying; healthcare cybersecurity is poorly regulated, with organizations depending on regulations to direct them on what to do; there are varying levels of interest, a lack of data encryption, and poor password selection and protection. Banner Health, for example, faced a major class action suit for cybersecurity negligence that resulted in the data of 3.7 million people being compromised. In February 2017, Children’s Medical Center, Dallas, was fined $3.3 million by HHS’ OCR for privacy breaches.
• Insider threats – 43% of healthcare data breaches in 2016 resulted from insider threats, both unintentional and malicious (Protenus, Health Care Dive, 2017). BYOD, USB and mobile devices were the methods most used for the attacks. However, cloud computing offers a safer means of data transmission or storage.
• Medical devices – these provide back doors that can be exploited, as in MEDJACK (medical device hijack). With the increasing introduction of medical devices into the IoT (“Internet of Things”), it becomes pertinent for medical device manufacturers to include security in the design and production of devices. Although device manufacturers are not constrained by HIPAA security standards, the FDA has published guidelines for manufacturers to identify and address inherent device vulnerabilities. The FDA effort is already yielding results, as St. Jude Medical had to recall its heart devices following an identified vulnerability that is capable of being exploited against patients by malicious agents.
• Ransomware – has been identified as a top threat facing the healthcare delivery system and is expected to increase in 2017.
The data breach trend continues, with Experian's fourth annual data breach industry forecast report for 2017 anticipating the following data breach trends: “aftershock password breaches will expedite the death of the password; nation-state cyber-attacks moving from espionage to war; healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging; criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago, and; international data breaches will cause big headaches for multinational companies” (Experian, p.2, 2017).
Healthcare delivery systems are the second most affected victims (18%), as reported in the 2017 Verizon Data Breach Investigations Report (DBIR). The financial sector was the No. 1 victim (24%); attack tactics included hacking (62%), malware (51%), stolen or weak passwords (81%), social engineering attacks (14%), and physical actions (8%) (Bisson, D. 2017). These attacks were perpetrated by outsiders (75%), internal actors (25%), state-affiliated actors (18%), multiple parties (3%), partners (2%), and organized criminal groups (51%) (Bisson, D. 2017).
References
Daitch, H. 2017 Data Breaches – The Worst So Far. (2017). Retrieved (2017-24-6) from
Healthcare Dive. 4 cybersecurity threats every hospital C-suite admin should be familiar with, in 2017. (2017-27-2). Retrieved (2017-23-6) from http://www.healthcaredive.com/news/4-cybersecurity-threats-every-hospital-c-suite-admin-should-be-familiar-wit/436881/
Experian. 2017 Fourth Annual Data Breach Industry Forecast. (2017). Retrieved (2017-
Bisson, D. 2017 Verizon DBIR Highlights: Analyzing the Latest Breach Data in 10 years of Incident Trends. (2017-28-4). Retrieved (2017-24-6) from https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/highlights-of-the-2017-verizon-dbir-analyzing-the-latest-breach-data-in-10-years-of-incident-trends/
The healthcare industry has grown massively in the last decade. This sector continues to be dynamic in both policies and data. Therefore traditional means of managing this massive data is simply impossible. Healthcare Cybersecurity San Antonio