The recent Vectra 2019 Spotlight Report on Healthcare indicates that the proliferation of healthcare internet-of-things (IoT) devices, along with a lack of network segmentation, insufficient access controls and reliance on legacy systems, has created an increasing attack surface that can be exploited by cyber criminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes.
Protecting patient medical, insurance and personal information must be a top priority. However, to best protect that data, security professionals need a better understanding of the types of cyber threats they are dealing with. That was the purpose of the report, which was published in April 2019.
In addition, the report has identified gaps in policies and procedures that can result in errors by healthcare staff. In fact, the findings of the report are in line with those of the Verizon 2019 Data Breach Investigations Report (DBIR) for the healthcare industry, which indicates that the majority of breaches are associated with internal actors (59%) rather than with external ones (42%). This means that human errors pose a bigger risk in healthcare, most often in the form of misdelivery, which Verizon describes as sending something intended for one person to a different recipient. Misdelivery is followed by publishing errors, disposal errors, loss and misconfiguration.
Before digging into the report findings, it is important to understand the challenges the modern healthcare environment faces.
Saving lives and treating patients is the top priority for healthcare organizations, and they can’t afford to have their systems down to be patched, even for just a few hours. Sustaining 24/7 operations is critical for all healthcare organizations. Consequently, outdated systems and software have become common, and many healthcare legacy systems lack essential cybersecurity controls. The truth is that in an …
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/iot/cyber-security-healthcare-iot/