Blog article
See all stories »

Prevent Hacking: Needed Data Security Framework For HealthCare

Man typing on the keyboard

Healthcare Industry continues to be a lucrative market for hackers. From 2017 to 2018, a large number of personal data frauds have been reported in the U.S. that highlights the imminent danger that the industry is facing. While some attacks have financial motives, others are purely to get personal data for other illegal uses. The latest phishing attack has been reported in Wincon’s Unitypoint Health Meriter Hospital whereby about 1.4 million patient records have been breached by a phishing attack. This is the second attack on the hospital, earlier a staffs e-mail id was attacked compromising the data security of 16,000 patients. These constant and increasing attacks highlight the inefficiency of the computer systems and outdated technology.

Endpoints Vulnerable to Cyber Attacks

  • Third Party Vendor Attacks

Healthcare providers are at a greater risk from external sources than internal. One might secure the internal computer networks, but the third party vendors are the endpoints through which hackers get access to personal data. For instance, a transcriptionist vendor in Orlando Orthopedic center left the servers open to the public during a software update. This resulted in a breach of patient’s data. This serves as a reminder for all healthcare institutions to review their third-party risk management.

  • Attacking Employee Accounts

Phishing attacks through emails are the most common cause of cyber attacks and these happen mainly through employee accounts. Employees and staff at hospitals fall victim to phishing campaigns and do not recognize a possible security threat. Opening the phishing emails that are targeted to steal the data cause a major security breach. At times, employees misuse the privileges that they have in terms of passwords access to key accounts. This highlights the need for increased awareness of employees to keep their access to themselves and not to voluntarily misuse their privileges.

  • Ransomware attacks on Medical Devices

Medical devices are another lucrative way for hackers to steal data. While Ransomware and cyber attacks are unceasing, another surface that is vulnerable to cyber attacks is the internet of things and medical equipment. The most common cause of these attacks is mainly due to patients usage of embedded networks, online chatting and downloading unvouched content that contains malware.

  • Account Access Through Mobile Devices

The increasing penetration of mobile devices and usage of internet to access patient profiles and medical records online are in a rage. Though these services have improved the point of communication between the patient and physician, this is increased the risk of cyber attacks. Internet used through mobile is not protected and servers are open to the public. Locations can be easily gauged thus making your personal records even more vulnerable to attacks. Therefore, mobile devices that have operating systems such as iOs or windows that ensure protection against cyber attacks are needed.

  • How To Shield Data: Security Framework

Cyber Attacks and ransomware through internal or external sources are unceasing and healthcare being a ripe industry, hackers leave no stone unturned to get to data worth millions of dollars. Therefore this creates a pressing need to aware hospitals and other healthcare service providers such as pharmacies and druggist to secure their networks and ensure proper staff training to eliminate the chance of malware entering your territories.

Third Party Risk Management: Managing third party risk is one of the measures to ensure protection against cyber attacks. For this, no matter the consequence of the vendor relationship, every vendor must be considered to protect your data. To this end, categorizing vendors according to their risk profiles as low, medium and high, and conducting due diligence and risk tests such as penetration test will help determine the chance of breach.

Training Staff: The staff and employees that have access to key accounts and passwords must not misuse their privileges and in other cases, they must be trained to understand the possibility of an attack through phishing emails. Though it often becomes difficult to track a phishing email, these are mostly characterized by misspelled words, capital letters and other unusual activity that makes them peculiar.

Changing outdated software: Another method to protect health data from cyber attacks is by constantly updating software and antivirus that can act as a shield against ransomware and phishing attacks. Innovating technology and at the same time using strong passwords that are unpredictable are the key ways to improve security protection.

Strong Passwords: For healthcare providers dealing with a lot of data becomes cumbersome. They resort to easy ways of handling online accounts and transactions by setting passwords that are easy to remember. Moreover, timely updating is passwords is usually not practiced. In this way cyberattacks become common. Therefore, for utmost protection passwords that are a combination of words, numbers and other special characters must be used.

The Bottom Line

As the healthcare industry is worth millions, the need to protect data is of particular importance. Patients trust their service providers and if that trust is breached then they don’t feel protected and their safety compromised. Besides, the impact of these attacks is mostly irreversible.




Comments: (0)

Blog group founder

Member since




More from member

This post is from a series of posts in the group:

Data Protection Act Issues

A place to discuss the DPA and other data storage issues.

See all