Hospitals have traditionally safeguarded digital information so that patients, vendors, and shareholders will have the peace of mind that they deserve. Unfortunately, in today’s world, there are a lot of cybersecurity challenges facing IT administrators. In order for hospitals to stay ahead of the threats, many of their business administrators have turned to IT staff that can think outside of the box when it comes to threats facing their facility. Here are some of the top cybersecurity threats facing hospitals today:
Patient Records Theft:
Around 10 percent of the people that live in large metropolitan areas have HIV. In the past, health authorities and others shared their personal information so that they could track the threat of HIV spreading. The problem for hospitals has been that hacker consultants trying to create their own databases that track HIV positive people cultivated people that work at hospitals in order to try and steal patient information. The net result for someone who did get their information stolen was trouble at work because their employers didn’t want to share a group health plan with someone who would have outrageous medical costs.
California finally passed a law that levies steep fines on hospital systems that have a data breach due to internal staffers getting involved in looking at patient data when they are not their personal care team. Of course, although that curbed theft in California, the hackers moved their confidence game to Arizona, Oregon, and Washington to take advantage of hospital systems that were multi-state and could potentially access California data from outside California. For administrators, the best defense has been creating sophisticated permissions in their databases that only allow the people that should have access to view records.
Another problem that hospitals can face is a cyber attack on their accounting systems. Over the past two decades, many hospitals have developed internal database systems that integrate accounting with the daily activities that go on so that the costs flow directly to the financial people handling the books. The problem with that is that if you have a hospital with 300 computers, you end up with 300 access points for a hacker to try and use. The current trend, therefore, is to utilize virtual bookkeeping services. Online accounting systems that are provided as a service by a vendor are much safer because they are hosted in a world-class security data center. Only the accounting people from your hospital system are able to access records. There is also a large cost savings because your IT department no longer has to design internal security for your financial records.
Several years ago, a Hewlett-Packard facility banned the use of wireless devices in their building. Part of the reason was that from outside their building and on other people’s property, they were getting hit by up to 100 local hacking attempts at any given time. For hospitals, the idea that there are that many hackers interested in gaining access should give them pause. It does no good to have all of your drug infusers networked wirelessly to a console in the pharmacy if your pharmacy application is vulnerable to attack from outside. The most common answer is to have your IT administrators work carefully with your vendors to ensure that your software access points are bulletproof.
And even if your software is secure, make sure you design your wireless system well. A few years ago at the Black Hat hackers conference, several of the world’s top hackers were hacked by wireless systems hackers that were never caught. Along those lines, there is also an application that has been sold that pulls all 7 layers of the physical network and un-encrypts the data by getting access through a different layer. When used wirelessly, it can wreak havoc.
There are many cybersecurity challenges facing hospitals today. By leveraging online software as a service through secure data centers and tightening access with sophisticated permissions and solid planning, IT administrators can stay ahead of hackers seeking to steal data from their hospital.Comments »