Cybercrime in healthcare: what needs to be done

With hacks and breaches hitting major corporations such as Sony, JP Morgan and the US Postal Service, the storage and protection of data came under intense scrutiny last year.

During this calendar year, the issue of online data theft has continued to cause alarm, with healthcare and the sensitive data stored by the sector being targeted. Such breaches and increasing concern has led to reform, closer auditing and additional resources being dedicated to cyber security in the health sector.

Healthcare A&E

The clearest example of this was the recent Anthem breach in February this year. The second largest American insurance provider was targeted by hackers, resulting in a data loss of over 80 million people – the largest data breach in history. Hackers gained access to the servers and extracted vital information, such as names, dates of birth and addresses.

While stolen credit card details can be combatted with a simple cancellation of the card, information stored by medical bodies, such as social security numbers, can cast the shadow of identity theft over people for years.

To the present day, further questions are being asked of the company and how they went about protecting peoples’ data, both through the processes implemented and the levels of access employees within the company had to the data.

Then, in March, the news broke of the Premera breach, a Chinese state-sponsored attack resulting in the loss of data for 11 million people. This again became an ongoing story, with lawsuits recently being brought against the company accusing them of being negligent with their customers’ data and not disclosing the breach in a timely manner.

Resuscitating the industry

There are two clear areas of security that need to be addressed by the healthcare sector in its attempt to stem the number of attacks occurring: IT infrastructure and the accessibility of data. By addressing both of these areas, there is hope that the healthcare sector will be able to protect itself and its sensitive data more securely.

A recent study by Agari, an email security expert, uncovered that the healthcare sector had the worst practises when it came to email security of any industry, with issues such as default passwords being used and a lack of appropriate security protocols.

It transpired that an email from a healthcare company is four times as likely to be fraudulent than one from a social media site. When viewed alongside breach damage reports, such as the one that afflicted Anthem, this makes for fairly damning reading.

The basics of IT security, such as email security and anti-virus software are more essential now than ever before. Despite being seen as a low-level solution, neglecting both the software and the practises that are associated with them can lead to threats entering your network through basic unlocked doors. It is vital that these basic processes are given just as much time, resources and respect as the most high-tech solutions available.

Despite the world of cybercrime often having high-stakes, a significant number of breaches still occur when somebody, for example, leaves a laptop in the back of a cab or on the train.

From individual shops being targeted to multi-billion dollar companies being taken down by international hacking rings, human error is often overlooked. Instead, infrastructure and security measures are often scrutinised for weakness in the wake of an attack.

Although individual errors and losses are difficult to legislate for, one way that this can be negated is a single page login that directs any access to data through a company-controlled page before the network can be accessed.

Data in recovery

Data can also be managed by using a layering system. Members of staff can only access the data that they have been given clearance for and need, rather than having access to the entire system on their device.

Then, if a breach should occur, through human error, the amount of data lost or stolen is minimised, limiting the damage to the organisation. This is especially important in BYOD usage, with a high percentage of healthcare professionals using a smartphone or tablet to regularly access sensitive data.

With much of the data used nowadays being stored in corporate clouds, a monitoring system for data access can also give companies transparency, and a method to track the access of data and quickly be alerted to suspicious behaviour.

>See also: Cyber security guide to the 10 most disruptive enterprise technologies

In the light of recent attacks, it is clear that something needs to be done in the healthcare sector in order to protect data that is both incredibly sensitive and of high value on the black market.

But with strained budgets, outdated IT infrastructure and medical professionals often dealing with IT issues that they do not have expertise in, this is not an easy solution. However, by paying appropriate attention to the core components of IT security and beginning to manage the data being accessed by individuals, often through a BYOD policy, healthcare companies and insurers can begin to treat some of the most obvious haemorrhages that are leaking data.


Sourced from Charles Sweeney, Bloxx

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics