2018 was an eventful year for healthcare security. From the enforcement of new privacy laws to the amendment of existing ones, the international healthcare sector has experienced many changes. Telehealth is growing, new health record initiatives are being put in place and old ones are being updated. In spite of this, the industry still has a long way to go before it can be considered a secure place for data to be stored and managed. Below is a list of valuable lessons learned over the course of 2018:
Hackers are more focused
Initially, attacks were random in nature and did not focus on specific people or organizations. Today, however, breaches are targeted and purposeful. The fact that the number of breached records is decreasing should not be misinterpreted as progress. The number of breaches occurring on a yearly basis is increasing which means that attacks are more focused and selective. Victims are now researched and selected expertly which means that healthcare providers should look into strategic security methods and techniques.
Phishing attacks have become more sophisticated
One of the main methods of attack is phishing. Paul Singleton, a systems engineer at Cisco, said that cyber criminals now pay great attention to detail in their phishing attempts. "Attackers are now co-opting your friends and other relationships. They can send you an email from somebody you know asking for an opportunity to collaborate on a document," said Singleton. These are things that people do not give a second thought to. They either find themselves under attack within seconds or are quietly bypassed and remain exposed unknowingly for months on end.
Breaches continue to go undetected for too long
Organizations often focus much of their energy on risk management and incident response time. But all of this is of no value if breaches are not even detected in time. 2018 witnessed numerous breaches that went unnoticed for long periods. One recent incident is the Independence Blue Cross Privacy Office breach which left the data of about 17,000 patients unprotected online for three months. This reaffirms the importance of enforcing proper access controls and network monitoring to detect vulnerabilities and breaches.
Organizations are changing the way users function
In 2018 there was a significant increase in reliance on cloud computing. In fact, by the end of 2018, organizations are forecast to have spent about $3.5 million on cloud apps, platforms and services. According to Singleton, employees working for a company can now operate in the cloud without venturing near the company's network. This is a secure, though not bulletproof, workaround for employee negligence and errors.