p1a0qa3e6brhsnb18vb5o5rpu6.jpg
8 Top Security Threats in Healthcare
Healthcare organizations generally understand that common information security threats originate from employee actions, cyber attacks, theft and loss, and identity theft. But did you know that a provider’s supply chain also is a major potential source of breaches? During a presentation at the 2015 AHIMA Convention, Mac McMillan, CEO at information technology and compliance services firm CynergisTek, identified some of the biggest threats, ranked by frequency. (Photo: Fotolia)
p1a0qa47443b72mt7561dih115e7.jpg
Insiders
Many healthcare organizations have the ability to monitor employee use of information systems and how well the staff follow rules, but don’t. It’s a good idea to look at which employees are accessing records at twice the rate of comparable employees, McMillan said. Unusual activity may be the result of a very busy day; someone filling in for another staff member; someone who is bored; or someone who is stealing information. (Photo: Fotolia)
p1a0qa4usq3qqm9d18sfufp1sja8.jpg
Supply Chains
Organizations know little about their vendors and fail to categorize them according to risk. McMillan urges HIPAA-covered entities to manage vendor relations and have them report to provider security executives.
p1a0qa5eu213c7gp118uuarjnf9.jpg
Medical Devices
In June 2013, the Department of Homeland Security tested 300 medical devices, and all of them failed security checks. In 2015, the first publicized hack to demonstrate the vulnerability of medical devices occurred. Ethical hackers conducted the demonstration. (Photo: Fotolia)
p1a0qa9ed58741aif5rc1hq21tpqb.jpg
Malware and Advanced Persistent Threats
These threats are not going away, and while many healthcare organizations use signature technology to detect malware, it misses half of the malware, McMillan said. (Photo: Fotolia)
p1a0qa5t8n1b422011pf48hb1btpa.jpg
mHealth
If data does not have to be on a mobile device, then it shouldn’t be put on it. Most mobile devices are not secure, compromised by manufacturers’ efforts to optimize their functionality. So organizations should manage the data, and not try to manage the devices, McMillan advised. “There are way too many of them; just give up,” he said. (Photo: Fotolia)
p1a0qaaddn151a1c3tsn71eeg1lnrc.jpg
Medical Identity Theft and Fraud
Identity theft and resulting fraud are almost epidemic in parts of the United States, McMillan said, and 47 percent of cyber crimes target healthcare. (Photo: Fotolia)
p1a0qabhulur697o6nh10tqvald.jpg
Theft and Loss
This is the “dumber than dirt” security problem, McMillan said. The rate of loss for mobile devices is 6 to 10 percent, making them a significant access point to the systems they connect to. (Photo: Fotolia)
p1a0qac1qof6314241r2s9d61kiqe.jpg
Targeted Attacks
These are the bad ones, conducted by professionals with resources and motivation. Companies or nation states are going after intellectual property; they don’t see espionage as a crime, but as a strategy, McMillan said. (Photo: Fotolia)