Healthcare News & Insights

4 new security threats healthcare providers will face in 2013

The healthcare sector is increasingly being targeted by cyber criminals. What are the new threats providers must watch for? 

While cyber attacks are on the rise in many industries, healthcare organizations are at a particularly high risk, according to a recent Washington Post article. A year-long study of cyber security by the newspaper found that health care is one of the industries most at risk of attack.

So far, the medical sector has seen relatively few attacks when compared to others, such as finance and the military. However, hospitals and health systems are also comparatively ill-prepared to stop cyber attacks, researchers say, and IT security experts and government agencies have recently warned about the potential for increased threats in health care.

Terrorists, activist hackers and other criminals could attack healthcare systems to commit identity theft or threaten patient safety, experts say.

One major problem is that security practices haven’t kept pace with advancements in technology. For example, the provisions regulating the federal incentive program for electronic health records (EHRs) don’t include enough standards to protect security, many experts say. Also, many groups have argued that the FDA has failed to keep up to date with advancements in medical devices that allow those tools to be hacked.

New and emerging threats

To prevent those breaches, healthcare providers need to learn how to use their new technology safely and recognize emerging threats to patient data.

These are some of the cyber threats healthcare organizations need to be ready for in 2013, according to Kroll Advisory Solutions:

  1. “Vampire data” — With many organizations newly switching over to EHRs and other health IT systems, data often exists in multiple physical and digital copies, and providers can easily lose track of what data exists. Data breaches often occur because information wasn’t secured because the organization didn’t know it was there in the first place.
    Kroll recommends providers take an inventory of all their data and make sure it’s protected. Also, policies and procedures should be in place to prevent the storing of unnecessary information.
  2. Cyber warfare — Hackers aren’t just trying to steal information and make money, Kroll says. Many attacks now involve activists and terrorists whose primary goal is to erase data, disrupt networks and cause other havoc. And, according to the company, small organizations as well as big ones are in the cross hairs.
    To prepare, Kroll says, organizations should make sure they’re backing up data, especially critical patient information. That’s also important to protect against patient harm in the event that data is accidentally destroyed.
  3. Incomplete logs — With attacks on the rise in health care, preparing to respond to breaches is almost as important as trying to prevent breaches in the first place. However, Kroll says, many organizations don’t have the proper tools in place to log network information and make it possible to conduct a thorough investigation after a breach.
    The firm says all providers should have logging mechanisms in place and train breach responders so they know how to avoid wiping vital evidence.
  4. Noncompliance with disclosure regs — Another key element of responding to a data breach is to make sure required entities are notified quickly enough for the organization to comply with regulations. In addition to following the rules, timely notification can help prevent harm done to patients and protect the provider’s reputation.
    To be able to take care of that notification, healthcare organizations must have a plan in place before a breach occurs. That includes making all necessary employees are aware of the applicable laws and clearly delineating who’s responsible for what.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.