A wakeup call to healthcare

by Mark Rowe

Was the recent Anthem data breach in the United States a wakeup call to healthcare organisations? asks Jonathan Levine, CTO at Intermedia.

If you’ve followed the news behind recent highly publicised data breaches, such as those at Sony, JP Morgan and others, you’ll notice that this latest Anthem breach follows a very familiar trend. Corporate IT systems are fighting a losing battle against hackers.

Unfortunately, when it comes to data breaches and cyberattacks, healthcare organisations are a prime target. Why healthcare systems? A few reasons: (1) many healthcare providers continue to maintain an IT infrastructure that is old and inadequate, (2) shrinking IT staff combined with end-of-life equipment exposes vulnerabilities, and (3) budgetary limitations create IT constraints.

According to the Identity Theft Resources Centre, attacks on hospitals and other healthcare organisations accounted for 42.5 per cent of all major data breaches in 2014 – and that number is only expected to grow.

How do healthcare companies stay protected?

So where does that leave smaller healthcare organisations that don’t have massive resources dedicated to protecting against these sophisticated cyberattacks? Luckily, there’s a silver lining. Even if you’re a small organisation, you can still have access to enterprise-class security tools to protect your data.

It’s also worth noting that the target in this most recent attack appears to be identities (name, SSN, DOB, email), not medical history, making this relevant for any organisation that stores customer, employee or other individual identity information – in essence, every organisation in the world. Here are some tips to help safeguard your business, and keep your name out of negative headlines:

  • Stop them from phishing for a back door. In the past, users could avoid phishing scams by simply checking the destination of links before clicking them, or only opening links sent from known sources. Unfortunately, today’s phishing attacks are much more sophisticated. Email security solutions like McAfee ClickProtect can help solve this problem by scanning links twice – first, at the moment when the email reaches the server; and second, at the moment the user clicks the link.

  • Add an additional layer of security for logins. Even if your login credentials are stolen, having another layer of ID verification can help prevent unauthorised access. This is where two-factor authentication (2FA) comes into play. With 2FA, users are required to pass a second identity verification test to log in, usually in the form of a code that’s generated through a text or within an app. This makes it much harder for an attacker to be successful.

  • Encrypt important information. Scrambling sensitive data is the next option, so that reading the data requires a different (and additional) set of authentication credentials. In the case of Anthem, patient info was stored in a database, which can have its own encryption mechanisms. But other files can also be encrypted with disk, device or application passwords.

  • Implement rigorous access management processes. To successfully manage user access during employment – and even after an employee leaves – your business should have a series of processes and best practices in place for user lifecycle management. This includes managing employee access privileges and instituting a rigorous IT offboarding process.

  • Promote strong password policies. An increase in breaches involving the loss of usernames and passwords is expected in 2015. A single sign-on solution helps support strong password policies by giving users a single point of entry for all their web applications. This helps eliminate the temptation for users to take password shortcuts that can introduce security holes.

Data breaches will continue to happen. Establishing an effective data security plan now can help protect your clients and your organisation against the potential consequences of a data breach.

© 2024 Professional Security Magazine. All rights reserved.