There’s no question that healthcare data breaches are reaching an all-time high. With health records fetching as much as 10 times the value of credit card data on the black market, cybercriminals are targeting healthcare organizations now more than ever. 2015 is poised to become the “year of the hack” in healthcare, with cybercriminals exploiting any vulnerability they can find, be it an unpatched system or an insecure endpoint.
In an article on MedCity News, “Here’s how healthcare can guard against data breaches in the ‘year of the hack’” I looked at the data breaches in the first quarter of 2015 and what these trends can teach us about how to guard against data breaches. Q1 2015 data breaches have affected more than 92.3 million individuals, a huge increase over the same period last year. Looking closely into these data breaches, it’s clear that though 2015 may be thought of as the “year of the hack,” people are still the root cause of most breaches.
The methods by which cybercriminals have successfully penetrated healthcare networks stem from issues related to people – unencrypted data, unpatched systems, compromised passwords and more. These are areas where people have made mistakes or have overlooked security policies. The good news is that there are measures that can be taken to reduce these “people” issues by improving upon process and education, complemented by the right data security solutions. In the article I outline several specific areas to reduce data breaches in healthcare:
- Understand it’s not all about the network
- Have a holistic approach to healthcare security
- Reduce the “attack surface”
- Minimize the “people” risk
- Know how to detect anomalies
- Develop and maintain an incident response plan
I detail each of these precautions in the MedCityNews article, giving many tips to healthcare organizations on how to batten the hatches to weather the oncoming storm of cyberattacks. To learn more about how Absolute Software can add layers to your healthcare organizations strategy, contact us or visit our website.