In recent years, the healthcare industry has jumped onboard the technology bandwagon, with wearable devices, telemedicine, the use of tablets and electronic health records in the examination room at provider visits and throughout hospitals, and the list goes on. From doctors’ offices to medical practices, clinics to hospitals, employers with wellness programs to health insurance carriers, the healthcare industry has now found itself to be an attractive target to multiple types of cyberattacks.
Cyberattacks on the Rise
In 2016, cyberbreaches compromised more than 12 million health records, according to the 2016 Year-End Healthcare Cyber-Breach Report by TrapX Security. The research also indicates that cyberattacks on U.S. healthcare organizations increased 63 percent over last year and are now responsible for 31 percent of all major Health Insurance Portability and Accountability Act (HIPAA) data breaches. New threats are on the horizon too, with the Internet of Things (IoT), malware, ransomware, and distributed denial-of-service (DDoS) attacks crossing over from the financial services sector to test healthcare security professionals as well.
The key for healthcare organizations moving forward is to protect the confidentiality, integrity and availability of all healthcare data, which has become a tall order for many companies. Business is going to continue being conducted online as it has in every other sector. For the healthcare industry to continue moving toward technological efficiency though, it must achieve IT resilience.
Healthcare Cybersecurity Trends to Watch in 2017
Health Management Technology’s February issue offered expert advice on cybersecurity efforts and identified several trends to watch for in 2017.
- The FDA issued stricter revised guidelines for medical devices, but ultimately did not mandate its guidance. Consumers, providers and even employers who utilize such devices will still have to do their due diligence to find vendor partners that are building more responsible products and safeguarding important health information.
- More solutions will emerge that employ artificial intelligence, machine learning and heuristic capabilities that can sense unusual activity when hackers have bypassed or deceived frontline defenses.
- More attention will be paid to third-party vendors and partners as more incidents are being reported that involve a supplier of services or IT resources. Tougher questions will be asked regarding security practices and controls.
- Phishing and social engineering will remain prevalent, but have the potential to become more sophisticated and harder to detect, requiring greater user education, web and email gateways, multifactor approaches to authentication and next-generation firewalls.
- Infrastructure is becoming a target, and all critical systems necessary for day-to-day operations need to be inventoried and secured.
- Greater adoption of the National Institute of Standards and Technology (NIST) Cybersecurity Framework may happen as more organizations recognize a need for greater security standards than those provided under the HIPAA mandate. A new standard is needed that measures every aspect of an organization’s cybersecurity readiness and the Healthcare Cybersecurity Task Force should provide the needed recommendations.
Source: Health Management Technology. 10 Cybersecurity trends to watch in 2017. February 2017. P. 28.