5 critical components in protecting servers from breaches
Servers appear to be the Achilles heel of healthcare organizations’ data protection efforts. About 54 percent of all individuals affected by an information breach of a healthcare organizations were impacted by a breach involving that organization’s server, according to data on the breach portal of the Department of Health and Human Services’ Office for Civil Rights, culling security incidents from June 1, 2018, to May 31, 2019. A report this summer from Clearwater’s CyberIntelligence Institute says that, of the breaches in the previous 12 months, 90 healthcare breaches affecting more than 9 million individuals, were related to servers in some way.
It’s no wonder that servers are hackers’ prime target—they are a central repository of data and critical programs that are shared by users at healthcare organizations. Clearwater analyzed critical and high risk factors facing hospitals and health systems for a six-month period and found that servers topped the list of information system components responsible for these risks—in fact, 62.83 percent of all critical and high risks were a result of some inadequately addressed security vulnerability in servers. That far outstrips security risks posed by Software as a Service (SaaS), 17.06 percent; desktops or laptops, 10.5 percent; or all other risks, 9.07 percent.
Clearwater’s research found two key server vulnerabilities, and three important actions for organizations that want to fill these gaps.