Why Medical Records Are the New Data Honeypot

..and what physicians and their vendors should do about it.

The healthcare industry is the “grandparent” of the IT security world. Despite having the potential to collectively save $60 billion with investments in digital technologies, the healthcare industry remains infested with old, expensive to replace, legacy technologies filled with vulnerabilities.

2016 saw a 63% increase in healthcare focused cyber attacks, and earlier this year NHS hospitals in the UK were forced to turn away non life-threatening patients when various hospital systems were crippled by the cryptolocker virus WannaCry. Despite all of the evidence that suggests hackers are specifically targeting healthcare institutions, proposed HHS budget cuts mean health organizations in the US will be facing this growing threat equipped with less resources than in previous years.

Assuming the government isn’t suddenly going to start throwing money at healthcare, what specific IT vulnerabilities should healthcare institutions be aware of, and how can providers keep their systems secure?

What are the biggest stumbling blocks for healthcare IT security?

The healthcare industry’s continued dependence on old technology means many devices in use are no longer supported by security updates and are susceptible to medjacking and other backdoor hacking. Some healthcare organizations aren’t even aware that as of April 11, 2017, Windows Vista is no longer supported by Microsoft, making Windows 7 the oldest operating system you should have installed on your computers.

Because of the valuable and confidential nature of the information held by healthcare institutions, the federal and state security regulations are rightfully extensive, but their rapidly evolving complexity has made it increasingly difficult for healthcare companies to keep up with compliance.

There is an elevated motivation for hackers to target healthcare institutions because they are more likely to pay hacker’s demands since the consequences of a hospital’s system going offline (even for a brief time) are quite literally a life or death situation. To avoid human suffering and circumvent malpractice and liability risks, hospitals have higher pressure to recover stolen information and to unlock blocked data.

What’s necessary to solve health IT’s chronic security problems?

Looking at the big picture, major changes will need to take place to improve security and widespread adoption of best practices in the healthcare industry.

Recently, the Bipartisan Policy Center (BPC) released a report focused on the relationship between patient safety and improving health IT implementation. The report’s top suggestions to advance the development and adoption of health IT run parallel to the advancements needed regarding IT security. The report calls for:

1. The development of coordinated leadership to set and guide health IT priorities.
2. The promotion, dissemination, and regulation of best practices that address priority health IT issues.
3. The continued advancement and adoption of strategies and standards across healthcare institutions.

Want to know what are the best practices to keep health IT environments secure? Read our latest post here.

Not sure if your systems are secure? Let our team help! Click here to book a meeting with us today.

AlphaRidge is a leading MSP located in NY.  With over 15 years of managed services experience, AlphaRidge experts have solutions for your specific needs. We place the highest value on the protection and privacy of your data, and we maintain transparency to you with every service we provide. Our white glove on-site and remote service is designed to demystify IT and streamline your concerns into rapid solutions, so that you can focus on what you do best. Consider our team, your team.