Today’s sophisticated and complex malware targets all industries, and healthcare industry is becoming a popular choice amongst attackers. Healthcare organizations should have another look at their cyber security structure around endpoint devices like laptops, tablets, desktops, smartphones, patient control and monitoring devices.
A recent survey on healthcare security with respondents comprising healthcare organizations stated that their organizations are not thoroughly armed to tackle malware threats, particularly with endpoint devices. Personal Health Information (PHI) and other private and sensitive information are normally shared using endpoint devices to organize patient care and connect to more databases of patient data.
Cyber criminals are focusing on businesses with harmful malware, such as Cryptolocker and Shamoon that have the capability to freeze a hospital or healthcare system. This can lead to electronic health record (EHR) downtime and a major threat to patient security.
Attackers are stubborn and will strive to achieve their goals unless these organizations have a powerful mechanism to defend against attacking endpoints and possibly steal data. Because of the interconnected nature of how these organizations function, an attack gives access not only to the device that has been hacked but to an organization’s complete data.
Endpoint devices continue to be the weakest component and the prime attack targets.
Few Insights from the Survey
The point of threat as per the survey are:
The survey indicated that:
- 80% of participants informed that their mobile endpoints have been the target of malware in the previous year.
- 60% stated that the challenge to manage endpoint security has increased in the past 24 months.
- 61% of respondents said that the endpoint security is turning out to be a more vital aspect of their overall IT security strategy.
- 60% of respondents said that rather than the device, the security strategy concentrated more on safeguarding data.
- Cloud applications, BYOD, and work from offsite locations also contribute to the increase in endpoint risk according to few respondents.
Working Towards the Future
Providers of healthcare are mandated by HIPAA regulations to protect health IT systems physically and should also ensure that PHI is safe on their network devices.
This has become an overwhelming task for many healthcare experts considering that daily care schedules include more health information exchange programs, wearable mHealth technology, BYOD policies and further linked end-point devices.
Healthcare organizations need to implement stringent security processes to safeguard PHI and device security. Healthcare providers are recommended to use a multi-layered security process, foster partnership with security professionals, and use a next-generation security solution. With the growth of technology, new and advanced medical devices are designed to perk up patient outcomes. But if the security measures are not strengthened, endpoints can make patient security and hospital operations vulnerable.
For healthcare organizations, according to HIMSS, possible vulnerabilities in healthcare application and possible loss of life due to compromised networks and medical devices are major worries in 2016.
Endpoint Security with Saner
SecPod Saner is a platform that provides continuous visibility and control for all endpoints. It proactively remediates risks and detects and responds to threats. Saner combines endpoint vulnerability, patch and compliance management with endpoint threat detection and response into one easy to manage solution. Saner performs daily checks to ensure all endpoints meet regulatory compliance benchmarks, such as PCI, HIPAA and ISO 27001. With Saner, configuration discrepancies are detected and automatically fixed. Saner helps healthcare organization:
- Meet healthcare regulations, safeguard data, medical records, and devices.
- Allow hospital staff to proactively detect the signs of the breach and contain it rapidly and effectively.
- Detect and fix potential vulnerabilities in endpoints and make that a continuous process to ensure devices are always vulnerability free.
Discover, detect and rank risks and threats so correction measures can be appropriately implemented and attain and maintain compliance.
– Rini Thomas