Healthcare cyberattacks increased 91% in one year

BOSTON—Targeted cyberattacks on healthcare organizations have increased 91 percent between 2012 and 2013, according to Nathan Russ, director of healthcare industry vertical for Symantec, who spoke at HIMSS’ Privacy and Security Forum on Sept. 8.

Healthcare cyberthreats keep changing due to political sources. Meanwhile, malware continues to mature. “Organizations are more exposed than ever before,” he said. But, most organizations are not strategic enough about their security efforts.

Russ noted that since the Dept. of Health & Human Services began recording breaches on its “wall of shame,” almost 34 million patient records have been compromised. That represents 12 percent of the population. “Any size provider is at risk.”

With boards of directors wanting explanations of cyberthreats, it’s “a critical time to take advantage of the opportunity to get security where it needs to be,” he said. With the assumption that all networks are breached all the time and anybody can get into anything, healthcare providers should ramp up their security efforts.

Any size provider is at risk. Russ recommended that they conduct IT asset inventory, patch management and equipment modernization. “That doesn’t happen because organizations are not focusing on hardware refreshers.”

Providers also should fully utilize the endpoint security capabilities they already own and leverage managed security services to augment their staff and capabilities. Russ also recommended that providers consider cloud options for high volume functions such as email. They need to ensure exact data match across the network, endpoints and at rest. With the growth in use of patient portals, providers need to employ multifactor authentication. Lastly, they should leverage compliance exercises for security budgeting.