Device Vulnerabilities: A Blind Spot for Healthcare
Security breaches in healthcare organizations continue at an alarming rate, impacting their reputation, productivity and financial health. In May, nearly 2 million healthcare records were breached across 44 organizations. Beyond the obvious risk to patient privacy, the CIOs cited the significant decrease in organizational productivity as a chief impact of these breaches. The financial punch is staggering when you consider that the average cost of a healthcare data breach in the US is $15M.
With eroding margins, the business simply can’t afford a breach of any size. Yet, electronic health records remain the target for cybercriminals because of their value on the black market.
In 2018, Health and Human Services issued cybersecurity guidelines for the healthcare sector. The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, provides voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.
The guidelines provide important insights, best practices and guidance from over 150 cybersecurity and healthcare experts from industry and the government. This important guidance lays the foundation for how we approach security across the entire healthcare landscape.
The work done by HHS highlights an additional area of vulnerability in healthcare. Connected medical devices like pacemakers, insulin pumps, magnetic resonance imaging (MRI) and computerized tomography (CT) machines and patient monitoring systems are deeply integrated into the clinical workflow and represent a new access point for hackers. These technologies can be exploited to gain access to personal patient data or render entire hospital systems inoperable.
Endpoint visibility and control remain a blind spot for many healthcare organizations, which lack an affordable and effective approach.
Atos delivers comprehensive security technologies and processes globally to retail, energy, education, hospitality, manufacturing, financial services, healthcare and government sectors. Our methodology provides the flexibility and expertise to help clients develop both effective and affordable security solutions.
5 recommendations to strengthen healthcare organizations against hackers:
1. Develop stronger endpoint protection systems
2. Train your teams on email protocols to ensure your systems are effective
3. Create a process for collaboration between facility (owners of the medical devices) and information services/technology (owners of the network and applications) for your IoT security strategy
4. Examine your incident response practices and practice them
5. Evaluate your cybersecurity policies and procedures
6. Ensure systems are properly patched
The risk of a security breach continues to increase for healthcare organizations, placing tremendous pressure on healthcare leaders to ensure they have a solid foundation of security and the insights needed to manage vulnerabilities within IoT into the future. As we consider the value of protecting patient data, Atos has both the breadth and depth of industry expertise in cybersecurity. Patients deserve the peace of mind that comes from having their identity and personal information secured.