By Melanie Purkis
Healthcare is facing an evolving onslaught of cybersecurity threats as we move into 2020.
While many of the most common threats will continue to pose a problem for the industry, bad actors have put a new spin on some of them in order to wreak havoc. The industry will need to keep a finger on the pulse of these new twists in order to remain secure moving forward.
Threats to the Internet of Things
The Internet of Things (IoT) has opened up a broader playground for cybercriminals looking to exploit healthcare organizations. While its goal was to usher in new opportunities for the industry, it also raised new security challenges. As IoT is leveraged for wearables and implantables in healthcare, it puts these devices at risk for attack.
The volume of IoT devices that now exist – and the diversity of platform types that run these devices – make it incredibly difficult to create endpoint security agents. Such agents are necessary, yet most IoT devices are not currently capable of supporting them, which leaves the devices unable to block the signatures of malicious behaviors.
As more devices are developed and enter the marketplace, the attack surface will widen and each unmanaged component will present a new point of vulnerability.
Mobile Device Risk
Not unlike the IoT, mobile devices have become ubiquitous, creating a wide web of connectedness that will only expand. This will continue to pose a threat to healthcare security, particularly via mobile devices operated by employees.
Some organizations have created “bring your own device” (BYOD) policies that expand the risk area. These BYOD policies grant access to different systems, making it critical that healthcare organizations augment each device’s inherent security with additional authentication measures.
Ransomware is not going away. In fact, it’s anticipated to be one of the biggest information security threats within healthcare this year. Much of this threat happens via phishing, where people are misled into aiding malicious network connections.
The best defense against ransomware attacks is for organizations to become aware of where their weaknesses are and where bad actors may attempt to bring in malware. The healthcare industry, in particular, is at great risk because of the sheer value of its data on the black market.
It behooves healthcare companies to choose wisely when it comes to hosting providers. Working with a seasoned managed hosting provider that has depth and breadth of experience in HIPAA and other healthcare regulations can be critical. Experienced hosting providers will partner with security providers to reduce the risk of cyberattacks and keep their clients’ websites safe from ransomware and other cyberattacks.
Healthcare organizations need visibility and the ability to garner insights on how traffic moves within an organization to better identify potential ransomware. The attack surface must be secured, both from the inside out and from the outside in. This requires both a technological and user-driven approach to security.
Focusing on a user-driven approach to security will emerge as one of the fundamental approaches any healthcare organization can take. There is still a void when it comes to employee awareness and education. When employees do not understand security policies, a lack of preparedness results, along with increased exposure of sensitive patient data.
Healthcare organizations need to find ways to incorporate this training and education in a meaningful way, whether it’s through newsletters, gamification, or specialized training. Security policies do not work without people actually implementing them. And people will not implement them without effective training.
As advancements in technology continue, healthcare organizations must be sure that information communication technology infrastructure remains secure—and that employees are trained in the proper security protocol. One without the other won’t work. Ensuring that an organization is protected will require the right technology and the best training.
Melanie Purkis is the Product Leader for Liquid Web’s Managed Hosting Products & Services, including HIPAA Compliant Solutions. Melanie has 23 years of experience with professional leadership in the IT and web hosting industries.