Healthcare News & Insights

How some hospitals are automating cybersecurity

In the ongoing fight to guard patients’ protected health information (PHI) and prevent data breaches, new research shows most providers are still struggling — but some have found effective methods to help. 

technology shieldsThat’s one of the findings from yet another study examining what cybersecurity challenges providers face, and how their security is living up to the task.

As with other recent studies, the report corroborates that data breaches and cyberattacks are a growing problem, and that information security leaders at these facilities may be struggling to keep PHI private.

Wide-spread attacks

The new study by KPMG, a global professional service provider and advisory firm, polled more than 200 execs and IT leaders at hospitals and health plans about cybersecurity.

Researchers found the majority of facilities and health plans (81%) have had some kind of cyberattack on their data in the last two years, along with many attempted attacks:

  • 44% of respondents said they’ve had between one and 50 attempted attacks
  • 38% said they’ve had between 50 and 350 attempted attacks, and
  • 13% said they’ve had more than 350 attempted attacks on their system.

The study also shows the greatest data vulnerabilities leaders are facing, including:

  • external hackers (65%)
  • sharing PHI and other data with vendors or business associates (48%)
  • employee-related breaches (35%)
  • wireless computing (35%), and
  • inadequate firewalls (27%).

However, a common issue providers face is a lack of resources, such as not enough IT staff to devote to cybersecurity tasks like monitoring systems for vulnerabilities. The study notes that about 16% of respondents said they couldn’t monitor their system for breaches in real-time.

As a result, organizations will have to find methods to compensate for these deficiencies.

Security case study

One hospital has found a way to work around its limited resources and improve cybersecurity.

As Healthcare IT News reports, Kentucky-based St. Elizabeth Healthcare recently implemented software which can monitor devices and systems for potential vulnerabilities with little user interaction.

The system worked with vendor Tenable Network Security to roll out software that can provide continuous monitoring for “smart” medical devices which can access other parts of its system for data.

This kind of safeguard is especially important given the recent warning from the government about certain medical pumps being at risk for cyberattack. It can often be difficult to protect these kinds of devices, especially older devices, which typically can’t be upgraded with security patches or easily assessed for vulnerabilities.

“CT scanners, MRIs, smart IV pumps – any of these endpoint devices may be running on outdated systems that leave the entire network vulnerable to attack, but you can’t perform traditional vulnerability assessments because taking the systems offline is risky and could diminish patient care,” said Harold Eder, director of IT infrastructure and security at the hospital.

The software allows the hospital’s security team to focus on more detailed security measures.

As hospitals continue to expand the number of devices with PHI access, they’ll have to find ways to account for these new access points. Most cyberattacks take months to find so having automated security in place can increase your chances of finding a breach before any serious damage gets done.

 

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.