
Scalpel, Banana & Reciprocating Saw: Healthcare Data Security

Well, if you are a trained clinical expert about to perform surgery, you'd be reaching for the scalpel (not to mention asking plenty of questions). After many years of training, a medical expert knows which is the right tool for the task when it comes to healthcare. They are very good at what they're good at. However, when it comes to protecting the healthcare IT systems that help support patient care, they may not be the best candidate for the task at hand.

Attackers have been targeting healthcare companies increasingly, as the value of health data has proven to be higher than that of the common credential set being found. Electronic health records, or EHRs, have been shown in studies to have a higher value. They contain a veritable treasure trove of information that includes not only name, address, employment, credit information and so on, but also your entire medical history.


While you can take steps to mitigate the fallout from having your credit cards exposed, there isn't a great deal you can do if your medical records are exposed. That particular genie can't be stuffed back into the bottle.

In point of fact, as of Dec. 27, 2018, the Department of Health and Human Services' Office for Civil Rights (OCR) had received notifications of 351 data breaches of 500 or more healthcare records. Those breaches resulted in the exposure of 13,020,821 healthcare records.

This naturally begs the question: how can this data be better protected? There are numerous steps that can be taken to better protect EHRs overall. First and foremost is encrypting the data. This is a practice that is not as pervasive as it needs to be in 2019. While some organizations do leverage encryption to protect their systems, an equal number of organizations don't protect the data they are responsible for. Another step is to work toward de-identification of data so that, in the event of a data breach, the exposed data can't be mapped back to an individual.
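As an added illustration of the de-identification step above (example code written for this page, not from the original post or any vendor product): direct identifiers are dropped from the extract and the medical record number is replaced by a keyed HMAC token, so a leaked de-identified set cannot be mapped back to a person without the key, which is held outside the data store. The record, field names and key below are constructed for the example.

```python
import hashlib
import hmac

# Fields that directly identify a person; dropped from the de-identified extract.
DIRECT_IDENTIFIERS = ("name", "address", "employer", "credit_card")

# Constructed sample EHR row for this example; not real patient data.
SAMPLE_RECORD = {
    "patient_id": "MRN-000123",
    "name": "Jane Example",
    "address": "1 Example St",
    "employer": "Example Corp",
    "credit_card": "4111111111111111",
    "diagnosis": "I10",
    "visit_year": 2018,
}


def pseudonym(identifier: str, key: bytes) -> str:
    """Keyed token for an identifier.

    A plain sha256(identifier) would be reversible by hashing a list of
    known MRNs or names; an HMAC under a secret key kept outside the data
    store is not, so a breached extract stays unlinkable without the key.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def deidentify(record: dict, key: bytes) -> dict:
    """Return a copy with direct identifiers removed and the MRN tokenised."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["patient_id"] = pseudonym(record["patient_id"], key)
    return out


def leaks_identifiers(record: dict) -> bool:
    """True if any direct identifier or the raw MRN survived in the record."""
    has_direct = any(field in record for field in DIRECT_IDENTIFIERS)
    return has_direct or record["patient_id"].startswith("MRN-")


if __name__ == "__main__":
    # Placeholder key for the demo; a real deployment keeps the key in a KMS/HSM.
    demo_key = b"example-only-key-not-for-production"
    print(deidentify(SAMPLE_RECORD, demo_key))
```

The same patient keeps the same token across extracts under one key, so longitudinal analysis still works, while a different key produces unrelated tokens.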

Then there is the need to keep a sharp eye toward zero trust from a network perspective. Network segmentation has always been good practice to ensure that only the systems and individuals that need access can get access to systems and data. That being said, I have worked in environments in the past where there was no such segmentation, and anyone connected to the network could potentially view resources for which they had no access requirement.

One of the gotchas in any IT environment – and healthcare isn't immune to this – is the venerable static password. The value of personally identifiable information (PII) rises when there are healthcare records associated with it. Attackers know this, and they will happily leverage methods such as phishing to gain access to sensitive protected health information. Multi-factor authentication (MFA) is an excellent way to help combat this problem. If an attacker can gain access to passwords, they won't provide a great return if MFA has been deployed. This is especially true if the MFA is using Universal 2nd Factor to further confound the attacker. U2F is an open authentication standard that strengthens and simplifies two-factor authentication by utilizing USB or near-field communication (NFC) devices such as YubiKeys.

Attackers will not be going away anytime soon. Case in point: years ago I was working for a security contractor, and we found our client was constantly being attacked from all parts of the globe. One day, out of frustration, I asked if there was any reason why there might ever be legitimate traffic from countries X, Y, and Z.

The answer was a flat "never."

I put together a bogon list that included the netblocks for the aforementioned countries and added it to the edge router. Attack traffic dropped off exponentially. Now, this was an improvement, but it did nothing to stop the attacker from finding another avenue.

That's the rub. The attackers will keep coming. Ensuring that EHRs are protected is a constant war of increments, but one that can be won. As the annual HIMSS healthcare information and technology conference approaches, we need to remember that the requirement is to protect data and systems so that healthcare professionals can focus on patient care and not have to worry about the reciprocating saw (or the banana).
