Hospitals and clinics have long been sitting on a data-filled gold mine, with electronic health records (patient data) as the black-market’s highest currency today. In fact, according to the 2015 KPMG Healthcare Cybersecurity Survey, 81% of health care CIOs reveal that their data has been compromised by either botnet, malware or some other sort of attack at least once in the past two years. And half of these IT executives feel insecure about their current ability to prevent future data breaches. But with all your efforts to secure your network, have you considered that the weakest link might be you?
Many hospitals have good reason to be concerned about the well-being of their patient's data, with attacks coming from the outside about once a day for 13% of respondents and another 12% suffering two or more per week.
Also according to the cybersecurity survey, 16% don’t even know they’re under siege. You can't expect to successfully protect your patient's data if you don't even know you're being attacked.
What if I told you that hackers aren't entirely to blame and that you yourself might be the reason your hospital wireless network is an easy target.
To help you better protect your patient's data and stay compliant we've identified 4 common reasons that actually make your hospital an easy target for a network security breach.
Extending Obsolete EMRs Life Cycle
With new technology, for example the internet of things, comes new medical devices and consequently new applications for those devices.
The constantly changing digital landscape requires health care providers to regularly update not only their devices and their processes but their hospital wifi infrastructure as well.
The continued use of old electronic medical records for budgetary considerations is shortsighted.
Your business applications drive your network infrastructure and if you are stuck in the past your entire system will suffer. These tools become obsolete for a reason and you'll end up losing more than you saved.
Poor Security For Digitized Records and Systems
You may have upgraded your EMRs to the new standards but implementing sub-par security protocols or its improper use will cause a lot of unnecessary frustrations.
Increasingly connected medical devices like X-ray machines, drug infusion pumps, and MRI scanners become more vulnerable to hacking if proper security measures aren’t executed.
Oversights may range from configuration errors, using the default logins and passwords to using CryptDB databases that leak non-trivial information.
In other words, the more devices that are connected the more chances you'll have to be exposed.
With the IoT growing in popularity I've come up with a simple saying to help remember to secure every inch of your hospital, "Don't forget the HVAC".
This means that in today's world even the HVAC can be "sensor-enabled" or connected to your hospital wifi network, so don't forget to make sure it's secure as well.
Suggested Reading - "Why Hospitals Need a Better Strategy to Secure Patient Data"
BYOD in healthcare isn't unusual today, in fact it's expected by both patients and doctors alike. However, BYOD does present some inherent security challenges.
For starters, you don't the devices so you'll need a solution that allows you to identify, monitor and control them all, for example a mobile device management solution or MDM.
You should have the ability to identify who the user is, what device their using, assign them a role on the network with specific permissions and then at the same time control that device in the event of it being stolen or lost.
The next BYOD security risk tends to be overlooked more than it should and that's personal responsibility and a clearly defined BYOD security policy.
Every employee should understand what's acceptable. Yes, patient data might be safe while these devices are on the hospital's network but with cloud storage and the ability to access patient data on their mobile devices what happens when that device leaves the campus?
You need to have the right plan, utilizing the right tools to guarantee everyone's safety on and off campus.
Reactive vs Proactive
Emerging technologies don't only benefit you, hackers make use of them too. Threats are becoming more sophisticated and the health care industry as a whole tends to move slowly making it difficult to keep up.
What is secure enough for today's hospitals? It's definitely become a balancing act between efficiency, the user experience and network security.
Suggested Reading - "Hospital WiFi Has a Performance Issue: The Need for Wi-Fi Management"
To create the right mix means understanding your environment, your users and most importantly the critical responsibility you have to constantly update and prepare your network for what's to come.
Being reactive when it comes to network security is a big problem, by the time you realize your being attacked it's already too late.
At SecurEdge we believe in the saying, "Always Be Planning".
Despite the increasing threats to your patient's data, health care organizations aren’t entirely powerless.
To learn more about how to secure your patient's data across your entire wireless network, simply contact us here.