THE HEALTHCARE RISKS
Healthcare organizations continue to face a rapidly changing landscape driven by new legislative initiatives like the Affordable Care Act, greater requirements and enforcement of patient privacy laws, and increasing complexity of products, treatments, and protocols. From providers of patient care to research and development, to pharmaceuticals or durable medical equipment, to doctors, nurses, and hospital administrators, professionals in the healthcare industry are seeing a need to rapidly deploy IT systems that change business processes, create new opportunities, reduce costs, and improve quality of life. However, this vastly increased technological presence also drastically increases the exposure of these entities to the virtual universe, while maintaining the security of patient records or confidentiality of important research remains paramount.
As in other industries, traditional network troubleshooting and security efforts of healthcare organizations demand vast amounts of time and resources, as IT teams manually comb through logs, manage a multitude of host agents and perform frequent updates to reduce the chances of a breach.
In addition to the external threats that exist across the internet, the time-consuming, task-intensive management, log overload, and security fatigue that security personnel face add further risk to the challenge of securing your network environment.
PacketViper improves your network security on all levels, not only by dramatically limiting the number of threats that reach your firewall, but also by improving the effectiveness of your human capital, allowing IT personnel to focus on a far smaller number of issues. PacketViper reduces unwanted traffic before it ever reaches the network, thereby eliminating much of the chaos that IT teams typically face.
IN THE NEWS
Cyber Attacks And Security Breaches In Healthcare
Do You Have The Right Security Program In Place?
Article Pulled From: http://networkingexchangeblog.att.com
I read almost daily in the news about cyber attacks on U.S. banks, infrastructure, government agencies, and businesses. In fact, government agencies saw a more than 650% increase in cyber security incidents from 2006 to 2010, according to the Government Accountability Office (GAO). The GAO reports that a main reason for the increase is the failure of agencies to fully implement their IT security programs.
To me, this means that many of the incidents could be preventable.
Although healthcare organizations are not often a primary target of hackers, electronic data in the healthcare sector is among the most vulnerable according to multiple reports, including a year-long investigation by The Washington Post. In fact, of all data breaches in the United States, healthcare entities accounted for the highest percentage of incidents, more than one-third of all data breaches in the country. One study reports that an astounding 94% of healthcare entities have experienced security or privacy breaches with their data.
And we’re not even talking about sophisticated cyber attacks over the Internet, but compromised data due to human error. A majority of healthcare security breaches have resulted from stolen and lost devices, such as laptops, desktops and smartphones — which often are not encrypted or even password-protected.
Despite frequent warnings from the Department of Health and Human Services and the U.S. Department of Homeland Security, the healthcare industry lags behind other sectors in implementing some of the basic security precautions when it comes to protecting patient data.
Of healthcare organizations surveyed in a 2012 study on cyber crime, fewer than half performed an annual security risk assessment — the most effective way to detect a security breach. In fact, 52% of the organizations that conduct one of these audits discover a security breach as a result.
The high costs of security breaches
Who in the industry is most vulnerable to security breaches? According to a 2012 HITRUST analysis: everyone. Even larger hospitals that have security measures in place may be exposed by trends such as shared electronic health records or community health records. Some eye-opening statistics:
- Hospitals and physician practices were responsible for 32% and 28% of the total breaches in healthcare, respectively.
- Government institutions (including VA hospitals) have experienced the greatest loss of records (40%).
- Since July 2011, physician practices have become the most breached organization type, surpassing hospitals/health systems.
- Insiders were responsible for 23% of breaches, accounting for 13% of records breached.
In addition to causing potential harm to patients such as financial identity theft and medical identity theft, security breaches incur huge financial expenses. The average economic impact of data breaches over a two-year period was $2.4 million, a 15% increase compared to 2010.
Call in the data security experts
The problem is that many healthcare organizations, especially smaller physician practices, don’t have access to sufficient resources dedicated to data security. Even at larger healthcare organizations, it’s difficult to expect staff IT professionals to manage all the necessary security projects — threat management, mobile security, storage, and data recovery — to help keep the organization safe from breaches.
To make any significant headway and close the gaps in healthcare data security, I believe it is critical for healthcare organizations to partner with established, proven technology providers to find practical and affordable solutions to help keep our data secure. We can’t afford not to. Once again, it’s a case for working with a trusted technology partner, so healthcare organizations can focus primarily on providing care to patients, while your technology partner does what they do best: help protect your information.
Healthcare organizations under siege from cyberattacks, study says
By: CHRIS O'BRIEN : LATIMES
Add this to the list of things to freak you out: Healthcare organizations of all kinds are being routinely attacked and compromised by increasingly sophisticated cyberattacks.
A new study set to be officially released Wednesday found that networks and Internet-connected devices in places such as hospitals, insurance companies and pharmaceutical companies are under siege and in many cases have been infiltrated without their knowledge.
The study was conducted by Norse, a Silicon Valley cybersecurity firm, and SANS, a security research institute. In the report, the groups found from September 2012 to October 2013 that 375 healthcare organizations in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks.
In addition to getting access to patient files and information, the attackers managed to infiltrate devices such as radiology imaging software, conferencing systems, printers, firewalls, Web cameras and mail servers.
"What's concerning to us is the sheer lack of basic blocking and tackling within these organizations," said Sam Glines, chief executive of Norse. "Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything.
"A decent percentage of these firms could have been eliminated from the data set if basic network and security protocol had been followed," he added.
The surge in attacks comes as hospitals and doctors across the country are using more and more medical devices that are connected to the Internet in some fashion. It's part of the broader trend known as the "Internet of Things" in which a growing range of devices are being fitted with sensors and Internet connections.
In addition, more patient information is being placed online, in part through the growing network of federal and state health insurance exchanges.
"The pace at which technology has allowed our devices to be connected for ease of use has allowed for a larger attack surface," Glines said. "More vigilance is required."
But as the report found, there are often not enough security measures taken to protect these connected devices.
As a result, patient information and privacy can be compromised.
But another troubling aspect is that once attackers gain access to these devices, they can use them to launch attacks on other devices.
Indeed, the report tracked the origin of some of the malicious traffic coming out of medical sites that had been hacked:
"The findings of this study indicate that 7% of traffic was coming from radiology imaging software, another 7% of malicious traffic originated from video conferencing systems, and another 3% came from digital video systems that are most likely used for consults and remote procedures."
In following the trails of this malicious traffic, Norse found detailed information about the layouts of hospitals and specifications of various lifesaving equipment.
Glines said the vulnerability can be addressed in many cases. But still, he's worried that healthcare providers may not move quickly enough.
"It's going to accelerate as we have more and more connected devices," Glines said. "With more healthcare information coming online, it becomes more valuable and therefore a richer target. We expect to see an uptick of breaches related to healthcare. It’s sort of a perfect storm."