The Top 3 IT Security Threats to Healthcare Organizations

An Interview with Navin Balakrishnaraja, Healthcare IT Service Practice Director for All Covered

March 29, 2018 by Joan Dowling

We recently talked with Navin Balakrishnaraja, All Covered’s Practice Director for Healthcare IT Services, to discuss the critical security issues facing healthcare providers today. With almost 20 years in IT services around the globe, Navin shared what he believes are the top three security concerns for healthcare providers today and how to prepare against them.

Data Security Risks and HIPAA Compliance
The topmost concern of healthcare organizations is keeping Patient Health Information (PHI) safe. Knowing the vulnerabilities that exist in the network (both wired and wireless) and addressing them is key to mitigating security risks and maintaining HIPAA compliance. Healthcare organizations should continually assess their systems for potential vulnerabilities, make repairs and improvements based on the findings, and attest to the actions taken. They should also know the assets in their network so that, when a breach happens, they can control its effect and stop it from spreading to the entire network.

At All Covered, we provide our clients with managed compliance services to assist healthcare organizations. Our compliance portal provides a snapshot of the vulnerabilities and the controls for the affected systems to maintain HIPAA compliance.

Medical Device Hacking
Medical devices, and devices in general (mobile phones, tablets and the like), have penetrated virtually every area of the healthcare environment. As they connect to both wired and wireless networks, they create vulnerabilities that can be used to hack into patient health information and systems. It’s never been more important to implement security controls to protect both data and networks in this era of the Internet of Things (IoT). That said, organizations should take steps to ensure all devices are connected only to the healthcare organization’s protected network, creating a zero trust network for these devices and setting up authentication and encrypted-communication rules.

For our clients, the All Covered solution for medical device hacking prevention ensures the following:

• Vulnerabilities are monitored
• Role-based network access is established with a zero trust network
• A layered approach to security with secure & protect solutions throughout the network
• Security awareness training

Phishing and Ransomware
According to the Enterprise Phishing Susceptibility and Resiliency Report from PhishMe, 91 percent of cyberattacks start with a “phish” — an email or message designed to convince users to open an infected link or attachment, or to provide credentials. These email attacks have been leveraged against healthcare organizations for years — and they are still a top security risk for healthcare companies. As with other healthcare security concerns, employee training is key to avoiding phishing and ransomware scams. However, it’s also important to know your software vulnerabilities and patch them, keep firewalls and Intrusion Prevention and Detection Systems (IDS/IPS) updated, provide robust email and web security solutions, and provide antivirus and anti-malware solutions.

Our solution at All Covered is what we call Secure & Protect solutions, which we deliver by offering data protection through a multilayered approach. Networks, Servers, Workstations, Firewalls and Mobile Devices are monitored and protected to prevent attacks from inside and outside the network.


 

Navin Balakrishnaraja

CPHIMS, CHP

National Practice Director, Healthcare IT Services, All Covered

 
Navin Balakrishnaraja has 20 years of progressive leadership experience across startups and diverse domains and technologies. He has successfully led several healthcare M&A integration activities and the implementation of various EHR systems. He has deep experience in the development and commercialization of consumer-driven new products, brand communications and new business models. He holds a BS in Engineering from Anna University and Leading Professional Services Firms from Harvard Business School. He is also a Certified Professional in Health Information Management Systems and HIPAA Compliance.