As healthcare becomes online, suppliers must strengthen security measures

In the past 18 months, the amount of health data collected and transmitted using cloud computing has exploded. Due to the Covid-19 pandemic, many forms of care and treatment have been disrupted because clinics and healthcare providers are forced to provide virtual consultation and telemedicine services. According to research conducted by the Centers for Disease Control, the number of telemedicine visits in the third week of March 2020 has increased by 154% compared to the same period in 2019.

The massive expansion of online healthcare means that providers must be held accountable for larger and deeper information bases. However, despite the growing scope of the challenge, many organizations have failed to take the necessary measures to protect their data. According to our recent global cybersecurity threat data based on the responses of 2,600 respondents, one-third of healthcare organizations encrypt less than half of their data. By leaving most of their data almost unprotected, these organizations are inviting bad actors to view and access sensitive personal information. Although not all data is equal, as the industry’s dependence on the cloud deepens, medical institutions cannot become victims of the increasingly complex cloud environment.

Run the risk of violation

Among our data, perhaps the most worrying data extracted from the healthcare industry is that more than one-third of respondents have reported that they have experienced a data breach in the cloud. Because healthcare data is at the intersection of personal identification information, billing data, and diagnosis, a single data breach can provide a large number of fraud and identity theft opportunities for bad actors. According to Experian, The price of medical records on the dark web is as high as $1,000.

Unencrypted data is easily seen and accessed by unauthorized users. Standard encryption measures provide the minimum guarantee for protecting information in the cloud environment. Healthcare organizations must start with encryption and key management to establish a basic level of security around their data. However, with the emergence of emerging threats such as quantum computing, healthcare providers should take additional measures to protect their assets in the coming years. The need is urgent: even if criminals do not have the tools to understand stolen data, the next generation of hacking tools will be able to crack many of today’s most common security protocols.

Data protection in high-risk industries such as healthcare and finance should adopt a “zero trust” architecture in the future; these solutions not only require users to verify their identity every time they need to access sensitive data, but also restrict the authorization of each individual user Access to specific assets. In this architecture, encryption and continuous verification enable the system to expand and merge new data without increasing the risk of leakage. Healthcare providers must also recognize that every employee may unknowingly provide access to cybercriminals; every member of the organization should receive regular training and retraining to understand the latest security protocols and best practices .

high risk

Recent high-profile violations, such as Colonial pipeline ransomware attack It has been proven that failure to maintain proper security measures can have devastating consequences. As sophisticated hacker groups become more ambitious in terms of the scope of their attacks (and the scale of their needs), the threats continue to grow every day.Recently, Ireland Head of health services attacked Initiated by a hacker group, it caused widespread cancellation of appointments and forced healthcare providers to restore paper records.

As the scale of data breaches increases and large organizations show that they are willing to pay the ransom, it is only a matter of time before more medical institutions become targets of coordinated attacks. From major hospitals to local doctors’ offices, health leaders must review their security measures to ensure they can withstand current and future cyber attacks. Trust is at the core of every doctor-patient relationship, and we must be able to trust our healthcare providers to protect our most sensitive information.

Photo: Traitov, Getty Images