ISG BLOG

7 Steps to Secure Healthcare IT Infrastructure – Pt 1

Re-posted with permission from M2SYS and edited.

The healthcare IT infrastructure realm is undergoing an unparalleled digital transformation at present. The leaders of provider organizations are progressively turning to Information Technology to keep up with contemporary business challenges and buckle up for what the future has in store.

However, like all other changes, this one too comes at a cost – the ongoing need to keep sensitive information secure and the peril posed by an inundation of end-users.

In 2017, the Department of Health and Human Services’ (HHS) Health Care Industry Task Force presented a report on the troubled state of affairs for healthcare cybersecurity:

  • The majority of hospitals function without a designated chief information security officer
  • Cybercriminals view healthcare as a chief target
  • Most providers are underprepared to deal with the current threat landscape

Three years later, it can be safely assumed that although awareness has improved across healthcare, the industry is still a long way from securing its complex digital environments.

In this piece, we will be looking at a few important steps healthcare providers need to implement in order to secure their health IT infrastructure.

1) Use Multi-Factor Authentication

According to one recent report on the Federal Information Security Management Act, close to 65% of the total cybersecurity incidents could have been averted with strong multi-factor authentication (MFA).

Passwords, no matter how strong, continue to be an easy target for hackers, especially since new methods like phishing and password spray attacks, which use social engineering to make the most of loopholes in security systems, continually emerge. This is where multi-factor authentication can add an additional layer of identification security.

MFA requires users to submit a combination of factors (2 being the minimum number) to validate their identity and gain access to protected information over a device or computer. These identification factors usually fall into three categories: something you are (like a fingerprint biometric), something you have (a mobile device) and something you know (a username and password).

Many healthcare service providers also harness biometric patient identification tools that employ distinctive biological characteristics (behavioral characteristics or physical attributes) to verify a patient’s identity. By utilizing biometric technology, they can not only keep PHI data secure, but also minimize the risk of facing heavy financial penalties caused by data breaches and HIPAA rule violations.

Because biometrics are always with you, unlike USB tokens or passwords, the chances of theft go down considerably. Devices with built-in readers, such as smartphones or laptops, enable authorized staff to gain access with a quick scan, without having to carry a token or device, or to remember anything. This convenience has made biometric authentication methods, such as fingerprint scans, popular with healthcare organizations and is driving their IT providers to push for and experiment with their widespread adoption.

2) Leverage Security Monitoring & Alerts

Nearly all IT systems in use today have some sort of proactive monitoring that informs healthcare IT infrastructure staff of potential problems, such as storage reaching capacity, performance degradation, or unanticipated outages. Likewise, security monitoring systems can learn and recognize usage patterns, and alert security personnel when anomalies arise, further reducing the blind spots that put patient data at risk.

For instance, numerous failed login attempts for one or more users (brute force attacks), or aggressive repeated requests (Distributed Denial of Service attacks – DDoS) that could bring your network to its knees can be easily detected through such systems. By identifying potential security risks rapidly, necessary countermeasures can be put into effect to settle the issue before the system is compromised.
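As an added illustration (not part of the original article or any vendor's product), the sketch below shows the kind of rule such a monitoring system applies to failed logins: a sliding time window that flags repeated failures against one account, and, going slightly beyond the paragraph above, failures against many accounts from one source, which is the password spray pattern mentioned in step 1. The log format, addresses, usernames and thresholds are all assumptions constructed for the example, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, source IP, user, result
SAMPLE_LOG = """\
2024-05-01T08:00:01 192.0.2.5 jsmith FAIL
2024-05-01T08:00:11 192.0.2.5 jsmith FAIL
2024-05-01T08:00:21 192.0.2.5 jsmith FAIL
2024-05-01T08:00:31 192.0.2.5 jsmith FAIL
2024-05-01T08:00:45 192.0.2.5 jsmith OK
2024-05-01T08:10:00 192.0.2.9 akhan FAIL
2024-05-01T08:10:30 192.0.2.9 blee FAIL
2024-05-01T08:11:00 192.0.2.9 cdiaz FAIL
2024-05-01T09:00:00 192.0.2.7 rpatel FAIL
2024-05-01T09:10:00 192.0.2.7 rpatel FAIL
2024-05-01T09:20:00 192.0.2.7 rpatel FAIL
2024-05-01T09:30:00 192.0.2.7 rpatel FAIL
"""

WINDOW = timedelta(minutes=5)  # illustrative values; tune to your environment
USER_FAIL_LIMIT = 4            # failures on one account within WINDOW
SPRAY_USER_LIMIT = 3           # distinct accounts failed from one source within WINDOW

def detect(log_text):
    """Return sorted (alert_type, subject) pairs found in time-ordered log text."""
    by_user = defaultdict(deque)  # user -> timestamps of recent failures
    by_src = defaultdict(deque)   # source -> (timestamp, user) of recent failures
    alerts = set()
    for line in log_text.strip().splitlines():
        ts, src, user, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts)
        by_user[user].append(ts)
        by_src[src].append((ts, user))
        # Drop failures that have aged out of the window
        while ts - by_user[user][0] > WINDOW:
            by_user[user].popleft()
        while ts - by_src[src][0][0] > WINDOW:
            by_src[src].popleft()
        if len(by_user[user]) >= USER_FAIL_LIMIT:
            alerts.add(("brute_force", user))
        if len({u for _, u in by_src[src]}) >= SPRAY_USER_LIMIT:
            alerts.add(("password_spray", src))
    return sorted(alerts)

if __name__ == "__main__":
    for kind, subject in detect(SAMPLE_LOG):
        print(kind, subject)
```

The four `rpatel` failures are spread ten minutes apart, so they never accumulate inside one window and raise no alert; that is the difference between a windowed rule and a simple running count.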

3) Encrypt All Data

One of the greatest security concerns for health IT infrastructure departments is HIPAA compliance, which requires secure encryption of data when it is in transit – particularly if it will be exiting the secure network to be shared with an outside location, such as a referring physician’s office, teleradiology network, or even a patient portal.

While utmost precautions are taken to encrypt the data in transit, very often when the data is sitting idle in storage, it is unencrypted, and therefore unprotected should an access breach occur.

Therefore, encrypting data at rest is equally important. This provides a supplementary layer of security that prevents a would-be intruder from decoding or sharing the data in any meaningful way, even if they manage to retrieve it somehow.

One can also employ custom cloud-based solutions that come with robust encryption and security to keep sensitive patient data safe. In this way, because your information isn’t stored physically within your premises, it is protected in the event of an attempted theft or other unforeseen incident that could destroy an on-premise system that isn’t backed up.

Come back next week for the second part of this article.

Get Help from an ISG Expert

In the meantime, please contact your local ISG member dealer to discuss your specific needs. We offer a variety of solutions from brand name partners like M2SYS, Entrust, BadgePass, PDC, Brady and more. We help healthcare organizations of different types and sizes with a wide range of identification and security products, including physical and logical access. We can help your facility with future planning for your healthcare IT infrastructure needs.

Contact us today!

Original article written by Shaon Shahnewaz for M2SYS.
