How Healthcare Providers Can Prevent Security Vulnerabilities
Due to recent social distancing regulations, there has been a surge in digitization in most industries, including healthcare. Throughout the world, digitization helps provide people with medical care and assistance. However, as more healthcare data moves to online and cloud environments, it is exposed to an increasing level of risk. This article offers a number of strategies to help healthcare providers prevent security vulnerabilities.
Cyber Mistakes in Healthcare: Vulnerabilities and Misconfigurations
Unfortunately, despite strict compliance regulations, there are still many exploited vulnerabilities and misconfigurations that occur in healthcare systems. These issues can result in serious breaches of security and patient privacy and must be corrected.
Some of these issues are outside of your control, for example, when vendors unknowingly leave bugs in software or have not yet provided a patch for known vulnerabilities. Others occur due to poor management or a lack of best practices, for example, not properly restricting access privileges or not encrypting data.
To give you a better understanding of the types of mistakes that can occur and the impact, consider the following breaches.
| Source | Type of incident | Impact |
|---|---|---|
| Center for Orthopaedic Specialists – Providence Medical Institute (PMI) | Infection with ransomware granted access to patient data | Health records of 85k patients exposed |
| MedWatch LLC | Information exposed to search engines via misconfiguration of online portal | Medical records of 40k patients exposed |
| Kalispell Regional Healthcare | Misconfiguration of calendar access privileges dating back to 2011 | Appointment and clinical information of up to 37k patients exposed |
| Children’s Minnesota | Misconfiguration of calendar access privileges dating back to 2011 | Appointment and clinical information of up to 37k patients exposed |
How Healthcare Providers Can Prevent Security Vulnerabilities
The variety of risks that come with digitizing and moving records online may seem overwhelming. However, most risks can be eliminated or significantly reduced by adopting a few best practices. These best practices can also help you ensure that you are meeting compliance guidelines.
Control information access
Creating strict access policies is one of the first things you should do to secure your systems. These policies should carefully define who can access system information and what they are allowed to do with it. These policies should also ensure that all access and use is carefully logged and auditable for accountability.
When setting up access permissions, you should start by creating permission roles that define classes of access. For example, clinicians may need to be able to see all medical information while administrative staff may only need to see billing or personal information. Also, make sure to give only the minimum permissions that an employee needs to perform their job.
By creating role-based categories you can better ensure that permissions are granted consistently. You also make it easier to update permissions in the future if needed. By strictly limiting these permissions you can help ensure that employees don’t intentionally or accidentally modify data that they shouldn’t. You also reduce the damage that can be done if credentials are compromised.
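The role model described above, as an added example that is not code from the original article: a deny-by-default check that logs every decision, plus a review that reports grants exceeding a role's baseline. The role names follow the article's clinician and administrative staff example; the account names, data categories and record IDs are constructed assumptions.

```python
from datetime import datetime, timezone

# Hypothetical role baselines: the only (data category, action) pairs each
# role may use. Anything not listed is denied.
ROLE_PERMS = {
    "clinician": {("medical", "read"), ("medical", "write"), ("personal", "read")},
    "admin_staff": {("billing", "read"), ("billing", "write"), ("personal", "read")},
}

# Constructed sample accounts: role plus the grants actually present in the system.
ACCOUNTS = {
    "dr_lee": {"role": "clinician",
               "grants": {("medical", "read"), ("medical", "write"), ("personal", "read")}},
    "j_ortiz": {"role": "admin_staff",
                "grants": {("billing", "read"), ("personal", "read"), ("medical", "read")}},
}

AUDIT_LOG = []  # stand-in for an append-only audit store


def authorize(user, category, action, record_id):
    """Deny by default, decide from the role only, and log every decision."""
    role = ACCOUNTS.get(user, {}).get("role")
    allowed = (category, action) in ROLE_PERMS.get(role, set())
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "category": category, "action": action,
        "record": record_id, "decision": "allow" if allowed else "deny",
    })
    return allowed


def excess_grants(accounts):
    """Report grants that go beyond each account's role baseline."""
    report = {}
    for user, acct in accounts.items():
        extra = acct["grants"] - ROLE_PERMS.get(acct["role"], set())
        if extra:
            report[user] = sorted(extra)
    return report


if __name__ == "__main__":
    print(authorize("dr_lee", "medical", "read", "rec-1001"))   # clinician reads a chart
    print(authorize("j_ortiz", "medical", "read", "rec-1001"))  # admin staff is denied
    print(excess_grants(ACCOUNTS))                              # grant drift to remove
```

Running the review on a schedule catches one-off grants that accumulate outside the role definitions, and the denied entries in the audit log show who attempted access their role does not cover.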
Stay up to date on vulnerability information
Your security team should have measures and practices in place to ensure that your systems are consistently updated and vulnerabilities are covered. When security patches are released or vulnerabilities are made public, your team needs to be alerted and needs to respond appropriately.
One of the best ways to ensure that no vulnerabilities are missed is to incorporate information from vulnerability databases into your security tooling. These databases can keep you informed about what vulnerabilities exist, which systems they affect, and how to remediate them.
There are many databases out there that you can use, including many open-source options. To ensure that you have the widest coverage of information, try to ingest data from multiple databases. Ideally, you should ingest this data into a vulnerability scanning tool that can inventory your system components and alert you when a relevant vulnerability is made public.
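A sketch of that ingestion step, added here as an example and not taken from the article or any specific scanner: advisories from two feeds are deduplicated, then matched against a component inventory. The feed layout, advisory IDs, product names and versions are constructed placeholders, and versions are assumed to be dotted numbers.

```python
SEVERITY = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed advisories from two hypothetical feeds; IDs and products are placeholders.
FEED_A = [
    {"id": "EXAMPLE-0001", "product": "patient-portal", "fixed_in": "4.2.1", "severity": "high"},
    {"id": "EXAMPLE-0002", "product": "imaging-viewer", "fixed_in": "2.10.0", "severity": "medium"},
]
FEED_B = [
    {"id": "EXAMPLE-0001", "product": "patient-portal", "fixed_in": "4.2.1",
     "severity": "critical", "remediation": "upgrade to 4.2.1"},
    {"id": "EXAMPLE-0003", "product": "scheduling-calendar", "fixed_in": "1.9.0", "severity": "high"},
]
# Constructed inventory: component -> installed version.
INVENTORY = {"patient-portal": "4.1.7", "imaging-viewer": "2.3.0", "scheduling-calendar": "1.10.2"}


def version_key(version):
    """Compare versions numerically; as strings, '2.3.0' sorts after '2.10.0'."""
    return tuple(int(part) for part in version.split("."))


def merge_feeds(*feeds):
    """Deduplicate by advisory ID, keeping the highest severity and any extra fields."""
    merged = {}
    for feed in feeds:
        for adv in feed:
            current = merged.setdefault(adv["id"], dict(adv))
            if SEVERITY[adv["severity"]] > SEVERITY[current["severity"]]:
                current["severity"] = adv["severity"]
            for key, value in adv.items():
                current.setdefault(key, value)
    return merged


def relevant_alerts(inventory, advisories):
    """Return advisories whose product is installed at a version below the fix."""
    alerts = []
    for adv in advisories.values():
        installed = inventory.get(adv["product"])
        if installed and version_key(installed) < version_key(adv["fixed_in"]):
            alerts.append({"id": adv["id"], "product": adv["product"],
                           "installed": installed, "severity": adv["severity"],
                           "remediation": adv.get("remediation", "none listed")})
    return sorted(alerts, key=lambda a: SEVERITY[a["severity"]], reverse=True)


if __name__ == "__main__":
    for alert in relevant_alerts(INVENTORY, merge_feeds(FEED_A, FEED_B)):
        print(alert)
```

Merging before matching is what gives the second feed value here: it raises the severity of the shared advisory and supplies the remediation text the first feed lacked.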
Establish a security culture
Incorporating security awareness and policy compliance into your daily workflows is vital. Many cyber incidents stem from mistakes made by employees, such as accidentally sharing data or using weak passwords. When employees are properly educated on the importance of security procedures and trained to identify security risks, they are more likely to comply.
Additionally, creating a culture of security helps ensure that employees do not work around security measures. The communication that comes with developing this culture also helps security teams implement measures that do not impede workflows.
Some important aspects to include when developing your culture are:
- The importance of not sharing credentials
- What makes a password secure
- How to recognize phishing or malware
- Procedures for sharing patient records
- How to report security issues
Centralize your security
Centralizing your security helps you ensure that all of your systems and web portals are protected. It enables your security team to work more efficiently and effectively since they can monitor and respond to issues from a single location or solution. It also enables teams to use tools that can correlate potential threat activity across your system, making it more likely that threats are detected.
One of the most common ways centralization is achieved is with a security information and event management (SIEM) solution. These solutions collect and analyze data from all of your security tooling and system logs and alert teams when suspicious activity is found. Since data is already collected and correlated, these solutions can help security teams quickly evaluate and eliminate threats.
Many SIEMs have the added advantage of being able to perform behavioral analysis of network events. This means that you can more easily identify if credentials are being abused, for example, if employees access health information that they shouldn’t.
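To make that kind of behavioral rule concrete, here is an added example, not from the article or any SIEM product, that runs two checks over record-access events: reads outside a user's care-team assignment and an unusual number of distinct patients in one hour. The log format, user names, assignments and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical key=value audit format.
LOG = """\
2024-03-04T09:02:11Z user=dr_lee action=read patient=P-1001
2024-03-04T09:05:40Z user=dr_lee action=read patient=P-1002
2024-03-04T09:07:03Z user=j_ortiz action=read patient=P-1001
2024-03-04T23:41:19Z user=n_shah action=read patient=P-2001
2024-03-04T23:41:52Z user=n_shah action=read patient=P-2002
2024-03-04T23:42:30Z user=n_shah action=read patient=P-2003
2024-03-04T23:43:05Z user=n_shah action=read patient=P-2004
"""

# Hypothetical care-team assignments: which patients each user is treating.
CARE_TEAM = {"dr_lee": {"P-1001", "P-1002"}, "n_shah": {"P-2001"}}
MAX_PATIENTS_PER_HOUR = 3  # assumed baseline; derive per role from real history


def parse(line):
    """Split one event line into a dict of its fields plus the timestamp."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = ts
    return event


def detect(log_text):
    """Return alerts for out-of-assignment reads and bulk access within an hour."""
    alerts = []
    seen = defaultdict(set)  # (user, hour) -> distinct patients read
    flagged = set()          # buckets already reported, to avoid repeat alerts
    for event in map(parse, filter(None, log_text.splitlines())):
        user, patient = event["user"], event["patient"]
        if patient not in CARE_TEAM.get(user, set()):
            alerts.append(("outside_care_team", user, patient, event["ts"]))
        bucket = (user, event["ts"][:13])  # timestamp truncated to the hour
        seen[bucket].add(patient)
        if len(seen[bucket]) > MAX_PATIENTS_PER_HOUR and bucket not in flagged:
            flagged.add(bucket)
            alerts.append(("bulk_access", user, len(seen[bucket]), event["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

The second rule matters because an account with valid credentials and broad permissions passes every access check, so only its pattern of use reveals abuse.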
The consequences of a regular data breach range from monetary fines to loss of brand authority, and sometimes even bankruptcy. However, the consequences of a breached healthcare environment can be a matter of life and death.
To ensure the security of healthcare data, providers should implement a number of strategies. Security strategies for healthcare providers include enforcing granular access controls, as well as staying updated on vulnerabilities and prioritizing mitigation on a continual basis.
For improved visibility and better control, you can also centralize your overall security. However, what could help most is establishing a security culture that educates personnel and reduces the scope of insider threats. This can help enlist connected users in the overall protection of healthcare networks, systems, and data.
Leah Fainchtein Buenavida
I'm a technology writer with 30 years of experience, covering areas ranging from fintech and digital marketing to cybersecurity and coding practices.