Cybersecurity in healthcare—like the healthcare industry itself—is all about people, not the doctor’s office.
Patients’ quest for more control and improved health outcomes is driving the industry beyond the four walls of the typical medical setting. Today’s healthcare is moving towards something more expansive: an interconnected technology-powered ecosystem.
Wearable medical devices, electronic health records (EHRs), cloud-based data storage, and an avalanche of mobile health (mHealth) apps are transforming diagnosis, treatment and monitoring. Health data now flows well beyond the network perimeter.
Unfortunately, these advances have also expanded the opportunities for cyber crime, including:
- Stealing patient data
- Exploiting medical device vulnerabilities
- Siphoning off institutional data
- Holding patient records for ransom
Security is more critical than ever for healthcare organizations. At the same time, the sector has become one of the most easily targeted. Hospitals, for example, are falling victim to new kinds of cyber attacks such as ransomware and business email compromise (BEC).
Ransomware locks away victims’ data until they pay the attacker to unlock it. BEC attacks trick victims into sending money and sensitive data by sending email requests that appear to be from an executive.
These attacks target people rather than technical vulnerabilities. And for some medical facilities, they can be a matter of life and death. That’s why healthcare companies must take a people-centered approach to detecting, blocking, and responding to them.
Healthcare is adapting to patients’ changing needs. In the same way, healthcare-related cybersecurity also needs to evolve. Protecting patients—and their trust in you—means preventing, blocking, and resolving threats that target that data beyond your network perimeter.
There is no Perimeter in the Continuum of Care
Before the digital revolution, healthcare followed a clear path from provider to customer. Everything was contained within a static environment. Patients engaged with their primary care physicians, who then referred them on to a defined network of care providers.
Securing that environment was far more straightforward. All devices running on the network were controlled and largely located in one place or within a campus environment. Most clinicians also worked within that location. When deployed correctly, traditional perimeter-based security was a reasonable approach (albeit one that was not regularly used).
Fast forward to today’s healthcare environment. Healthcare consumers are using all manner of mHealth apps, wearable medical devices, and home-based medical technology. They expect this technology to improve their care experience and provide more flexibility. Accustomed to the service and convenience of Amazon, Uber, and Instacart, they want the same from their healthcare providers.
New delivery models, new attack vectors
Safeguarding the network remains an important part of any hospital’s security posture. But clinicians are working in new ways. As a result, they have become much more vulnerable to cyber criminals. In today’s clinical workflow, care is coordinated across providers, insurers, and a multitude of devices. That means security must now extend beyond the hospital’s natural borders.
With email, social media and “bring your own everything” now the norm, perimeter-based security is merely a building block. A broader security strategy must focus on people—the ways they work and the ways protected health information (PHI) is stored and sent when coordinating and delivering care.
Protecting data everywhere it goes
Modern care provision goes way beyond health systems’ clinical staff. Patient health information now travels between a wide range of clinicians, third-party consultants, and business partners.
At the same time, advances in digital health will mean that a patient’s home will increasingly resemble a mini clinic. They’ll use a wide variety of medical devices, all capturing, storing and transmitting patient data. And all of it needs to be secured.