Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Why Health Care Gets Such Flak for Its Cybersecurity

by The Gurus
May 18, 2018
in Opinions & Analysis
Share on FacebookShare on Twitter

The health care industry is consistently under attack thanks to cybercriminals who eagerly attempt to snatch valuable data, costing organizations substantial financial and reputational damage.

People often weigh in and wonder why the overall industry can’t sufficiently beef up its cybersecurity strategies. However, the headlines they see that alert the public about breaches and other issues don’t tell the whole story.

The Health Sector Appeals to Hackers

Besides the scope of the records to steal and the details that range from Social Ssecurity numbers to home addresses, hackers set their sights on the health care industry because, historically, it hasn’t kept up with the times.

A 2015 Sophos survey found 20 percent of respondents in the medical industry didn’t use encryption at all. Hackers are typically ahead of their targets. That means they likely knew about the widespread lack of encryption before researchers did.

Also, a profile of health care-related attacks in 2017 is especially eye-opening. In numerous cases, more than one security issue occurred on the same day in different locations. The frequency of attacks is a factor that’s urging health care organizations to spend billions of dollars over the next several years to make improvements.

Some facilities aren’t equipped to deal with large-scale attacks, which is alluring to hackers that want to earn notoriety for their efforts. In February 2016, ransomware attacks forced a medical center in California to endure a week-long computer shutdown while its employees relied on paper records and fax machines.

Internal Threats Are Severe

A recently released report from Verizon found the medical industry was the only one whereby internal members were the biggest risks to organizations.

The study found almost half — 48 percent — of the people on the inside who compromised data security were financially motivated, presumably aiming to use stolen data to open new lines of credit or take similar actions.

However, problems also arise when employees don’t treat data correctly due to human error or a lack of training. They might throw sensitive data into trashcans instead of shredding it, or make mistakes when sending paper documents to external companies.

Numerous Challenges Exist

Outsiders are not always aware of the massive number of obstacles involved in getting the health care industry well-equipped against cybersecurity attacks.

For example, all communications platforms used to transmit patient data must comply with the Health Insurance Portability and Accountability Act (HIPPA). This means that health care organizations have to follow strict rules in regards to the security of how they send and receive all patient information. While  this does help with potential security issues, it can be extremely time consuming, though some organizations hope to change that soon.

Another issue is that people in the medical field are characteristically time-starved and focused on patient care. That means they often find it difficult to fit security training into their schedules or understand why it’s relevant.

St. Luke’s University Health Network received recognition from the American Hospital Association for its all-encompassing data security strategies. St. Luke’s sends out a quarterly scenario for employees to go through and see why cybersecurity matters. That approach is reportedly working well, probably because it keeps hospital workers’ valuable time in mind.

Ransomware Attack Mitigation Is Getting Better

The news about health care and cybersecurity is not all bad. An investigation about efforts to implement ONC SAFER Guides — which include updated material about stopping ransomware — found that hospitals are taking the recommended strategies against seriously.

Although only 18 percent of the hospitals studied showed complete adoption, more than 81 percent fully implemented the infrastructure-related guidelines.

The recommendations aim to prevent and reduce downtime of critical hospital systems. When the guidelines are in place, fiascoes such as the one experienced by the previously mentioned Californian facility should become less prevalent.

A Collective Effort Is Necessary

The most effective cybersecurity strategies are ones applied across organizations. Since many hospital systems span across states and countries, keeping everyone on the same page isn’t easy.

Exercising compliance is not enough. Instead, all people associated with respective health care organizations must work together to reduce the damage caused by cybersecurity shortcomings and promote improvements.

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweetShare
Previous Post

Airports are ill-equipped to deal with a major cyber attack

Next Post

Beware the Black Axe Gang: Business Email Compromise Campaigns Observed in 2017

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information