Why Hackers Love Healthcare

March 6, 2018

Hackers love healthcare, and not because they’re feeling peaked. It’s because they’re feeling emboldened. Healthcare data is bountiful, lucrative, and relatively easy to steal.

According to a 2018 report from Security Scorecard, the healthcare sector ranks 15th out of 18 major US industries in cybersecurity. Last year alone, almost 500 healthcare breaches were reported to the US Department of Health and Human Services.

One of the victims was Anthem—whose subsidiaries include Blue Cross Blue Shield, AmeriGroup, and UniCare. In 2017, members enrolled in Anthem’s medical services tallied over 40 million. In the breach, over 78 million medical records were compromised.

In light of breaches like these, global healthcare cybersecurity spending is projected to exceed $65 billion in 2018. All that money will go toward one goal, and that’s trying to protect what hackers get paid big bucks to acquire: information. Namely, your information.

The most vulnerable and (to the hackers) most valuable information is electronic protected health information (ePHI). It’s social security numbers, health insurance data, addresses, account log-ins, etc. This all amounts to a veritable treasure trove for those lurking on the Dark Web and amongst the Internet fringe.

According to the American Medical Association, 83 percent of physicians say that their practices have already experienced a cyberattack. That’s a big part of the reason for why this topic—healthcare cybersecurity—will be sure to get a lot of play at this year’s HIMSS Conference, and sure enough, one of the main education topics listed on the HIMSS website is Privacy, Security & Cybersecurity. Critically, the topic is tied to “the use of technology in the clinical and business workflow.” It’s technology, according to the experts at HIMSS, that carries the answers to the most pertinent cybersecurity questions.

How do they keep ePHI truly protected from a breach? How do they keep up with industry-leading cybersecurity countermeasures? And what types of technology will best aid them in doing so?

Here are a few examples of the answers and solutions new technologies may offer.

Behavioral Monitoring

Tracking employees’ behavior helps establish patterns and record anomalies, and it’s becoming more practical thanks to advances in machine learning, analytics, and artificial intelligence (AI). New AI can quickly study activity and medical record access, and thus identify outliers in behavior efficiently.

For example, with heightened AI, organizations can readily capture and analyze behavioral data. They can establish baselines for normal behavior and proper record access. With that information, they can then more deeply and accurately analyze behaviors of their workforce that could lead to a breach. They can identify who’s using certain applications—who’s emailing internal information externally—and whether those activities violate established processes and protocols.

Many breaches are a result of bad internal process, and behavioral monitoring can help increase internal understanding by contributing to proactive internal learning and by helping to pinpoint missteps in real time.

The Cloud

 

One of the biggest challenges in healthcare is interoperability, or how to best share and exchange records and data. Sharing between different systems, software, and devices gets complicated, and logistics, privacy, security, time sensitivity and cost-effectiveness are all important factors. One of the most intriguing and compelling solutions to the challenge of interoperability is cloud-based storage.

Standardized cloud environments are tailor-made for the healthcare sector. They’re inexpensive, easy to use, intelligent, and can help healthcare organizations unify and automate their many systems. They champion mobility; they’re utilitarian. Advances in infrastructure also mean that cloud-based apps can sort and aggregate data.

Many organizations are still worried and reticent about the cloud, and security and HIPAA compliance are chief among those concerns, but now many cloud providers offer technology to mitigate those risks. For example, some cloud-based systems can connect with traditional, on-site data storage centers. Doing so adds privacy and redundancy, and each is crucial for effective data storage and management.

New and emerging technologies like these—AI, cloud platforms, behavioral analytics—are powerful and innovative, and can contribute to a brighter future for healthcare cybersecurity. They represent, in fact, the very future of healthcare infrastructure, and they serve as a ballast. They’re the healthcare sector’s best shot at meeting the security and compliance challenges of the modern world.

To meet these challenges, the healthcare pros at the HIMSS 2018 Conference can’t go it alone. They’ll need a partner. They’ll need expertise—not only with AI and cloud-based apps, but also on the specifics and nuances of the healthcare sector.

To find a partner like that, contact All Covered. We assess your risk, and we forecast what you can do to combat future breaches. By examining your systems and devices, we can monitor every point of entry. We offer cloud backup and disaster recovery services, and these practices are designed to maintain your operational status quo—no matter what happens.

Navin Balakrishnaraja
National Practice Director for Healthcare IT Services