The global healthcare industry remains one of the most vulnerable to security incidents, organizational breaches, and data compromises, with both internal and external issues contributing to the situation. Internally, healthcare organizations have low levels of data encryption and invest little in raising awareness of security best practices, which leads to weak management and protection of patient data. Externally, reselling hacked patient health records remains lucrative, which drives the interest of global and regional threat actors in compromising these organizations.
Recent research reports by a couple of organizations provided empirical evidence of this widespread malaise in the industry. Security practices not built into employee job descriptions, a lack of understanding of the importance of data privacy, and malicious insider activity remain the principal drivers of the high levels of security incidents in the healthcare space.
Similar healthcare surveys revealed that insiders were responsible for network attacks. Insiders using mis-configured servers and employees falling victim to phishing scams accounted for two thirds of the incidents. Industry executives continue to point out that too many breaches are the result of accidental or negligent actions by end-users.
Cyber security is undoubtedly a board-level issue now: the need to keep key systems and data protected is front of mind within the boardroom, as breaches make unwelcome headlines in the media. Working to deliver change is never simple, and it takes time to develop the strong defenses required to protect your organization. Here are our top five tips to get you started:
1 Map your risk profile
Healthcare organizations need to undertake a comprehensive assessment of their vulnerabilities, including compromise scenarios. A comprehensive risk audit will help to define the required cyber security policies and frameworks, which will then be easier to map out.
2 Identify best practices
Once a cybersecurity solution has been implemented in end-user healthcare organizations, it is necessary to develop best practice guidelines and educate all users on them to ensure the new solution and processes are as effective as possible.
3 Undertake breach and response simulations
All organizations live under the threat of a possible breach or compromise. Simulation testing allows every organization to improve its ability to protect the business from a real breach, while also ensuring staff are able to keep working and maintain continuity of service in parallel. By rehearsing their response to such a breach, healthcare end-user organizations can improve their ability to protect the business and maintain continuity of operations.
4 Identify the crown jewels
Healthcare end-user organizations need to classify data on the basis of its associated levels of privacy and importance. Based on the importance of each class of data, they can define levels of security protection and the associated levels of investment required to protect that data.
5 Educate employees about cybersecurity
Education is key. Ensuring employees understand the importance of following basic cyber security best practice will help ensure systems are compromised less often. Global research continues to indicate that weak employee awareness is the cause of more than half of all healthcare breaches. With a focus on the above areas, healthcare organizations should find that improvements in employee security awareness and adoption of security best practices deliver positive returns over the medium- to long-term horizon.
Sent by Harish Chib, Vice President of Sophos in the MENA region.
By Harish Chib