Cyberattacks are increasing at an alarming rate. Hospitals are often targets, because they store a lot of sensitive data on their patients. Unfortunately, many cybersecurity experts in the medical profession are struggling to keep hospital data safe.
Patient Data Breaches Are Rising Quickly
A study published in JAMA Internal Medicine shows that 1,798 data security breaches involving patient data occurred over a seven-year period. These problems appear to have escalated toward the latter end of the study.
These breaches affected hospitals in different ways. Some involved theft of patient data. Others involved ransomware and other malicious software. Bruce Y. Lee, Associate Professor of International Health at the Johns Hopkins Bloomberg School of Public Health and Executive Director of the Global Obesity Prevention Center, warns that these problems have been disastrous for patients.
“And these weren’t small “oops” that affected just a few patients,” Lee writes in his column at Forbes. “These were cybersecurity failures either from hacks or mistakes that in each case exposed the records of more than 500 individuals. But don’t worry, hospitals and other healthcare providers usually only have your financial information, personal health history and lots of detailed information that can affect your job prospects, your credit, many things in your life, etc.”
These breaches can be very problematic for any healthcare organization. The PR nightmare alone could be devastating, unless the hospital is located in a rural community without any alternatives.
Since data breaches are getting a lot more attention these days, cybersecurity experts need to find adequate solutions, and quickly.
How Can Cybersecurity Experts Provide Better Security to Hospitals?
The risk of cybersecurity threats is not likely to diminish anytime soon. Security experts need to address cybersecurity risks on several fronts. Here are some areas for improvement.
Setting Stricter Standards for Third-Party Vendors
A growing number of hospitals are outsourcing their cybersecurity functions to third-party organizations. Unfortunately, these third-party firms don’t always take appropriate precautions.
One of the biggest scandals erupted a couple of months ago. Tanium, a cybersecurity startup, unwittingly shared private data from one of its clients during a live demo. The client quickly protested that it never gave permission for any data to be shared.
Hospitals need to recognize the risk that third-party companies like Tanium pose if they don’t keep data secure. Hospitals need to require these entities to sign strict non-disclosure agreements that prohibit them from being reckless with patient data.
Protect All IoT Devices
Cybersecurity experts have traditionally focused on securing computer networks. However, Melissa Thompson, founder of HarcourtHealth, reports that hackers are thinking outside of the box to find new ways to gain access to sensitive patient data. Many hospital devices, such as CT scanners, MRI machines and dialysis pumps, are connected to the Internet of Things (IoT). Cybersecurity experts need to make sure data on these devices is properly secured to keep patients safe.
Communications With Other Healthcare Organizations Need to Be Secured and Encrypted
Hospitals frequently need to collaborate with their colleagues in other facilities, particularly when they need records for new patients. Unfortunately, these communications can easily be intercepted by hackers if the right precautions aren’t taken. It is important to make sure all hospital communications are properly encrypted.
Have BYOD Security Protocols
Many hospitals traditionally prohibited employees from bringing their devices to work. This was an attempt to be compliant with HIPAA requirements. Most hospitals realized that prohibiting employees from bringing their smartphones and tablets was an unreasonable expectation, so they relaxed their rules.
Unfortunately, some hospitals have become too lenient. They failed to consider that hospital employees may take pictures within the hospital, which can include patient information. Even if employees don’t intend to capture any personally identifiable information on patients, the patients could be exposed if the employees aren’t careful. Hackers could gain access to employees’ devices, since the hospital has no control over their security.
Employees need to be told that they can bring their devices to work, but they are not allowed to take pictures that include patients or any records. There need to be clear penalties in the employee code of conduct for those who don’t abide by this policy.
Hospitals Need to Do a Better Job Protecting Data Security
Data security is a growing concern for most hospitals. They need to invest more effort in developing effective cybersecurity solutions to stay compliant with HIPAA and other security regulations.