Stabilizing healthcare database security is critical for hospitals
Technology is revolutionizing the healthcare industry, but for all the benefits offered by artificial intelligence, machine learning and embedded sensors, there are also new risks associated with the always-connected world. As mobile healthcare technology rapidly advances, physicians are now able to monitor patients remotely by streaming data live across the internet. The BBC reports that doctors are now even operating on patients who are hundreds of miles away. Though this is more convenient, it also means data is being created at an unprecedented scale, making healthcare database security one of the biggest risks facing patients and providers.
Protecting and securing all this data has never been more critical. The Office of Civil Rights reports that in 2015, more than 112 million patient records were compromised. Since then, cybercriminals have become even more aware of the value of healthcare records.
One of the most recent trends is the proliferation of ransomware — malicious software that encrypts all of a victim’s files — being used to attack hospitals and extort ransoms before releasing the records. According to a study conducted by the Institute for Critical Infrastructure Technology, “ransomware attacks on healthcare organizations will wreak havoc on America’s critical infrastructure community.” For example, a Los Angeles hospital paid almost $17,000 last year to re-obtain access to its computer systems after a ransomware attack.
At all points along the chain, patient information is at risk, and healthcare providers need to ensure they’re doing everything they can to keep it from falling into the wrong hands. Here are five ways you can ensure patients’ data is as secure as possible:
1. Protect the cloud
Having patient data available on all computers, smartphones and tablets makes life so much easier for doctors and nurses. However, this convenience brings huge risks. Collecting data in a single online repository attracts the attention of cybercriminals who want access to as much information as possible in a single place.
The Health Insurance Portability and Accountability Act (HIPAA) does not specify where healthcare data can be stored or how it should be safeguarded, but it does say those safeguards need to be sufficient to be effective and operational. For you, this means closely assessing cloud providers and asking whether they specialize in protecting healthcare information and whether they use advanced technologies to mitigate advanced threats.
Continuously assess the merits of cloud providers, monitor any changes they’re making and check whether they’re keeping up with industry best practices in order to maintain the privacy and security of patients’ data.
2. Always back up your data
With ransomware attacks against hospitals on the rise, one key measure is to regularly back up all data. By backing up patient records, it means you can reset your systems if a ransomware attack occurs. The backups, of course, need to be held at a separate location on a different network from the live data, preventing the cybercriminals from compromising that information, too.
It’s important to protect backup data through comprehensive cybersecurity measures as well as physical security measures. You can take advantage of solutions available today that automatically back up systems, keeping any disruption to a minimum. You should also back up system settings regularly to help get everything up and running following an attack.
3. Secure your devices
As healthcare data moves to the cloud, your colleagues now have access to it from a huge range of devices — smartphones, tablets, PCs and more. This convenience comes at a cost, though, as all these extra points on the chain provide new vectors through which cybercriminals can access the system. In order to protect the network, these devices need to be secured using the safest methods — randomly-generated passwords and PIN codes — as well as using secure and encrypted apps on devices to access the information.
4. Use end-to-end encryption
One of the weakest links in the chain of your patients’ data is not when it’s collected or when it’s stored, but when it’s in transit between devices. Whether that’s transmitting the raw data from your wearable to your smartphone or from your smartphone to the cloud, cybercriminals can take advantage of weaknesses in the network to conduct what is known as a man-in-the-middle attack, where they’re able to steal the information as it moves from one location to another.
Therefore, it’s vital to use solutions that provide 256-bit AES encryption. Hardware-based encryption for both data at rest and in transit is something to consider.
5. Have a plan in place — and practice it
Through having the right systems in place is an important part of healthcare database security, everything can fall down if you don’t train your staff on how to spot malicious threats and what to do in case of an emergency. Educating your staff can help prevent malicious hackers carrying out phishing attacks where emails that look genuine carry a malicious payload that gives criminals instant access to your network.
Carrying out regular attack testing of your systems is a good way to check whether your staff actively monitors for these attacks and remind them they can occur at any time. You should also have a set of rules in place to alert them of any suspicious behavior on their networks, such as information being sent outside the networks or unauthorized access to the network from an unsecured device.
Though new technologies are providing countless possibilities for improved patient care, you and your teams need to be aware of new data security risks and take appropriate actions to protect patients’ data.