The pandemic has redefined healthcare delivery, accelerating digital transformation initiatives from years to months and, in some cases, even weeks. While going digital has many benefits and efficiencies, it also introduces many new challenges and increases other known risks related to privacy, security, and safety.
Healthcare records: the gift that keeps on giving
Healthcare data is a particularly attractive target for hackers, by one estimate worth 10 to 40 times more than a credit card on the black market. Medical identity theft is often not immediately identified by the patient or provider, giving cyber criminals more time to use stolen credentials. Moreover, the information in medical records can be used for medical billing fraud, identity theft and other big-money scams over time. By comparison, the opportunistic use of stolen credit cards is shorter lived, as victims and financial institutions quickly cancel accounts once fraud is detected.
Then there’s ransomware, which gives bad actors an immediate payoff without the need to monetize any stolen data. In late October, CISA, FBI, and the Department of Health and Human Services (HHS) advised U.S. hospitals and healthcare providers of an increased and imminent cybercrime threat related to ransomware. Among other victims, the University of California San Francisco School of Medicine disclosed in June that it had paid $1.14M to decrypt files after a ransomware attack.
Keeping pace with evolving regulations
Another challenge with digital medicine is maintaining data confidentiality under ever more stringent data privacy regulations, particularly the General Data Protection Regulation in Europe and, in the U.S., protected health information or Personal Health Information (PHI) as defined by HIPAA, as well as myriad state laws. With digital healthcare delivery, the attack surface grows exponentially to include medical devices, their firmware, operating software and applications, the instructions these devices receive, and the patient data they collect. In the U.S., the FDA works closely with DHS and other federal agencies, the private sector, and device manufacturers to continually improve the cybersecurity of the healthcare delivery network infrastructure.
With all the bells and whistles, medical IoT brings vulnerabilities
One of the biggest changes as healthcare goes digital is the growing reliance on increasingly connected smart devices, or Internet of Things (IoT) devices, for everything from patient examination through diagnosis, treatment, and monitoring. There are implications for the security of these devices, the data they collect, their connections, and ultimately the safety of the patients who receive the services they deliver – be it the right dose of a medication from a device such as an insulin pump, or the precision of a remotely controlled surgical robot. This is where a strong root of trust becomes paramount, particularly as organizations propagate trust across different areas in the healthcare field – from medical records to medical devices. But while IT leaders are quickly moving to adopt solutions to support a stronger root of trust through identity, authentication and encryption, it’s a struggle to identify where the sensitive data resides across the enterprise, according to Entrust’s 2020 Global PKI and IoT Trends Study.
From protecting the identities and data of hospital employees and patients, to safeguarding medical records and research, to securing medical devices and machines, healthcare digital security matters more than ever. Check out this on-demand webinar to learn more about:
- Building a strong root of trust
- Digital identity verification
- Passwordless access
- Secure prescription signing
- Secure communications