Recently we talked about the challenges healthcare providers face from data breaches and leaks. These threats sometimes come from low-tech sources, like our people. But often it is our infrastructure – both IT and medical – that’s to blame. Some examples are:
- Aging computers and those lacking malware protection
- Networked medical devices running old operating systems
- Unprotected or under-protected networks, and
- New IoT and digital mesh devices that depend on secure networks.
Of course, these are all prime targets for cyber attacks.
Now the Food and Drug Administration (FDA) is weighing in on how critical this situation has become. Healthcare IT News reported that Suzanne Schwartz, MD, will join cybersecurity engineers at the HIMSS16 Conference. They’ll discuss how healthcare providers can better deal with cyberattacks that exploit such vulnerabilities. Schwartz is the FDA director of emergency preparedness, operations and countermeasures.
The biggest cyber-threats, the best countermeasures
The biggest threats will sound familiar to our regular readers, as should how to thwart them.
Careless employees. Employees often infect computers at doctor offices, clinics and hospitals, by downloading inappropriate content. This exposes computers to malware that then infect other devices on the network. The best preventatives are acceptable-use policies, employee education and up-to-date anti-malware software.
Vulnerable medical devices. Both wired and wireless medical devices are vulnerable to cyber attack, either from malware infection or by wireless intruders. Often these not-quite-standalone devices lack sophisticated security protocols, especially the wired ones. Other more complex ones can run on older, unsupported operating systems. This is alarming, since these devices monitor and administer aid to patients in hospitals. We already mentioned anti-malware applications. You can also assist agencies by pushing manufacturers to design newer ones with intrusion detection.
Insufficient network protection and intrusion detection. Larger facilities like hospitals usually have a dedicated IT staff to secure their networks. Smaller providers do not, opting to outsource management of their IT infrastructures. In either case, it’s tough to keep the staff up-to-date in a fast-changing landscape. For all providers, the answer is having an expert IT security team. If outsourcing, make sure your MSP constantly certifies its staff. And insist on best-in-class hardware and software to detect and prevent intrusions.
But even with all these countermeasures in place, we can’t identify every emerging threat. Or can we?
Collaborative threat detection is on the horizon
Next month we’ll hear how the FDA and its taskforces are advancing cyber strategies for healthcare. This is particularly true for the emerging medical mesh, whose devices are so vulnerable.
Dr. Schwartz hinted at initiatives to encourage sharing of information about emerging cyber threats. By sharing threat data early, all parties can react to protect against intrusion. That includes IT security teams, MSPs, malware vendors and device manufacturers.
This is how Paranet’s new security suite works, by the way. It shares information continuously with the global Open Threat Exchange (OTX). With this up-to-date information, it can provide continuous and intelligent intrusion detection.
To learn more about about Paranet’s IT security management and consulting services, click here.