HEALTHCARE isn’t necessarily a sector that you might closely associate with hacking and malware, but as more hospitals, medical practitioners and administrators adopt digital technology in their systems, it’s becoming more crucial than ever that this industry adopts robust security measures.
Even though 70 percent of health organizations in Asia Pacific are investing five to 15 percent of their budgets in cybersecurity solutions, the spending is not nearly enough given the substantial lack of actual talent to put those solutions into motion.
According to data from Palo Alto Networks, only 78 percent of healthcare organizations have a dedicated IT security team, placing the industry on the bottom rung among sectors, where the average is 86 percent.
The biggest risk that health organizations face when it comes to security is the vulnerability of sensitive personal data. Healthcare requires medical practitioners and groups to collect lots of personal information from patients, including addresses, financial statements and details, contact numbers, and so on. The monetary loss of a data breach could be insignificant compared to the potential harms that could be dealt to patients who have no say in how their information is protected.
“As an industry that deals with copious amounts of personal, exploitable data, it can be disastrous if this data enters the wrong hands,” said Sean Duca, Palo Alto Networks’s vice president and regional chief security officer for the Asia Pacific region, in a statement.
“Healthcare organisations need to ensure they are always updated on new security measures, and change their mindset from a reactive approach to a prevention-based approach instead, akin to how they remind patients that prevention is better than cure.”
Data breaches could also affect connected devices that patients rely on to monitor their health or keep them alive in some cases. The Palo Alto survey found that among surveyed healthcare professionals, 30 percent have said that loss of details is a huge issue, followed by fears of reputational damage (22 percent) and delays (17 percent).
There are a few reasons why healthcare organizations have performed poorly in terms of cybersecurity, the first being the legacy security systems that are in place and which are costly to replace. Palo Alto found that only 39 percent of those surveyed had admitted to reviewing security policies that are in place, despite 83 percent actually having these protocols. These numbers place the healthcare sector below the financial industry (51 percent), another sector known to maintain sensitive client data.
Palo Alto said that the healthcare sector needs to get its devices – especially those connected to the Internet – updated with the latest firmware and security patches to ensure hackers can’t get into them.
“Medical devices are notoriously vulnerable to cyberattacks because security is often an afterthought when the devices are designed and maintained by the manufacturer,” the report cautioned, adding that organizations should be prepared to organize detailed inventories and patch management plans as part of their device maintenance strategies.
Another issue is the fact that more patient data is being moved onto cloud and digital networks in order to cut down on physical record bloat. However, organizations also need to be aware of the need to integrate advanced security architecture within the network, in end-point devices and within the cloud itself. This three-pronged approach will be more effective against the changing nature of malware.
Organizations also need to get rid of “Bring Your Own Device” (BYOD) policies that allow professionals to access work-related information on the go, wherever they are. The fact is that not all devices will come equipped with strong enough security protocols, and the more end-points that are linked up with a system, the more vulnerable its data will be.
Palo Alto found that 78 percent of organizations allow their employees to access work information off their own personal devices such as mobile phones and personal computers, while another 69 percent are allowed to store and transfer confidential data through those same end-points.
“Practices such as BYOD and some employees’ ability to store and transfer confidential information through their personal devices put them at a higher risk of phishing attacks,” the report said.
It’s important to reckon with the fact that organizations need to take a holistic, detailed approach to combating the spread of poor cybersecurity practices. Without a top-down, wholesale approach to boosting personal data security hygiene through in-house policies and training sessions, health organizations will always have to fear for the integrity of their data networks.