Protecting Health Care Records from Cyber Attackers is a Game of Cat and Mouse
The never-ending battle between health care organizations and cyber attackers has always been like a game of cat and mouse. The hacker plays the role of the mouse, constantly trying to sneak past the company’s cat that is guarding information.
For years, the cat not only consistently beat the mouse, he would help his fellow cats identify new mice and keep them out of their cupboards, too. But as the successful data breaches over the past year demonstrate, including one earlier this year that made headlines after millions of health insurance records were compromised, the mice are now kicking the cats in their tails.
As the health care sector continues its collective effort to move to a 100-percent electronic records system, these recent attacks should serve to do two things. First, it should shine a light on why your existing cyber security system is likely inadequate – even if it complies with HIPAA’s Security Rule. Second, it should prompt you to immediately call your CSO, CIO and IT administrators into your office to overhaul your security posture and establish new employee education and incident response training programs.
While you may not have thought of your industry as a primary target for attackers, I hope you understand that cyber criminals consider health care information just as valuable as credit card numbers and other financial records if not more so given the longer shelf life of social security numbers and other personal information. And furthermore, traditional security solutions alone are incapable of keeping thieves out of your network. Healthcare security needs a more holistic approach that keeps watch both outside and inside your network and can help your security personnel more quickly identify and remediate threats. Here is why:
A Game of Cat and Mouse
Your first question might be, “What happened to the cat that I thought was such an effective guard?” Actually, the question you should be asking first is “What’s happened to the mouse to make him so much better at sneaking past the cat-guarded gate?”
The mouse has become faster, smarter and more agile. His motivations have evolved too, from hacking into systems to gain public notoriety and praise from his fellow mice, to silently and anonymously stealing information for financial gain.
In fact, the cat often does not even realize the mouse has snuck in and has been sitting for weeks, possibly months, stealing whatever it finds valuable.
The solution is not to add more cats that keep their ever-watchful eyes trained outside your network in order to spot outside attackers from trying to get in. That’s still important, the cat hasn’t become obsolete. But now building a better mouse trap requires a more holistic approach that guards both from the outside-in and from the inside-out.
This requires monitoring activity across your entire network in real time, including who is accessing and moving data stored in third party cloud-based services like Dropbox or Salesforce.com. Simply put, security cannot be a one-time “set it and forget it” process.
In addition to implementing technology tools to enable you to see who is in your network and what, exactly, they are doing, you need to educate and train all of your employees, not just those in the IT department. Practice makes perfect. Just as you run regular fire drills, do the same to ensure your teams know what to do when a security threat is identified outside or inside your network. You want to put out a fire in a trash can long before it becomes a blaze that engulfs the whole building and causes irreparable damage.
A Holistic Approach
There’s no sugarcoating this fact: it’s likely only a matter of time before a breach occurs. You still want to lock your front doors (a.k.a. your perimeter), but don’t put all your eggs in that one basket. You have to balance your cyber security technology budget and include tools that provide your security team with the intelligence, visibility and forensic IR capabilities they need to identify when someone picks the lock and shut them down before any significant damage is done.
Rackspace surveys healthcare leaders' knowledge of tech
A new survey sponsored by Rackspace Technology has analysed how well healthcare leaders understand technology today, compared to five years ago.
Rackspace polled more than 1400 IT and non-IT decision makers in companies making over $300 million a year in six industries, one of which was healthcare.
The survey asked healthcare executives about the changing role of technology in their area, including the dangers of falling behind, their knowledge of the role of technology, and familiarity with what technology can do to the bottom-line.
The majority (90%) say their appreciation for application technology has grown over the past five years, and 88% now have a better understanding of technology than they did five years ago.
They were also asked about the ways technology helps drive corporate strategies. The survey found that:
* 62% say automation drives efficiencies
* 50% say they leverage innovative technologies like IoT and cloud native applications
* 48% say it allows greater employee collaboration
* 48% say it gives them real-time analysis/customer ‘pulse’
Among the technologies that benefit healthcare organisations the most financially i.e. generating revenue and reducing costs:
* 60% say AI/machine learning
* 61% say cybersecurity
* 56% say enterprise software
* 45% say e-commerce
* 44% say SaaS
* 41% say IoT
Almost half of the respondents (44%) say that if legacy applications aren’t modernised in the next two to three years, healthcare organisations may lose their ability to compete.
Other consequences of delaying modernising applications include:
* 56% say they wouldn’t be able to meet new regulations
* 46% say they wouldn’t be able to scale up IT to meet new demands
* 44% say customer service levels would be reduced
* 36% say they wouldn’t be able to integrate
* 33% say poor staff morale would result from inadequate systems
* 33% say there would be lost productivity
Jeff DeVerter, CTO at Rackspace Technology, commented on the research: “The results of our survey are further evidence that modernising applications through a user lens is not just a ‘nice to have’ from a customer satisfaction perspective, but also delivers a wealth of tangible, quantifiable benefits to organisations.
“Applications are a foundation of customer experience, and it is encouraging to see an increased focused and rising enthusiasm for customer experience improvements.”