Scalpel, Banana & Reciprocating Saw: Healthcare Data Security

There is a scalpel, a banana, and a reciprocating saw laid out on a cold steel table in front of you.

Which do you pick up?

Well, if you are a skilled medical professional about to perform surgery, you'd be reaching for the scalpel (not to mention having a few questions). After years of training, a medical professional knows that it's the right tool for the healthcare job. They are good at what they're good at. However, when it comes to protecting the healthcare IT systems that support patient care, they won't be the ideal candidate for the task at hand.

Attackers have increasingly focused on healthcare providers because the value of health data has proven to be higher than that of the average credential set. Electronic health records, or EHRs, have been shown in research to command a higher price. They are a veritable treasure trove of information: not only a name, address, employment and credit details, and so on, but also your entire medical history.

That particular genie can't be crammed back into the bottle. While you can take steps to mitigate the fallout from having your credit cards exposed, there isn't much you can do once your medical records are exposed. In point of fact, as of Dec. 27, 2018, the Department of Health and Human Services' Office for Civil Rights (OCR) had received notifications of 351 data breaches of 500 or more healthcare records each. Those breaches resulted in the exposure of 13,020,821 healthcare records.

This really raises the question: how can this information be better protected? Several steps can be taken to better protect EHRs. The first and foremost is encrypting the data. This is not a practice that is as pervasive as it should be in 2019. While some organizations leverage encryption to protect their systems, there is an equal number of organizations that don't protect the data they are responsible for. Another step is to work towards de-identifying data, so that the aforementioned information can't be mapped back to an individual in the case of a data breach.
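To make the de-identification step concrete, here is an added example (my code, not from the original post or any product it mentions) that takes a constructed EHR-style record, drops the direct identifiers, generalizes the date of birth and ZIP code, and replaces the medical record number with a keyed HMAC token so that records for one patient can still be linked while the key stays out of the data store. The field names, the 10-year age bands and the 3-digit ZIP prefix are assumptions for illustration; a real program would follow its own de-identification standard, and the HMAC key would live in a secrets manager or KMS, not beside the data.

```python
import hashlib
import hmac
import json
import secrets
from datetime import date

# Constructed sample EHR record for illustration; not real patient data.
SAMPLE_RECORD = {
    "mrn": "MRN-0042917",
    "name": "Jane Q. Public",
    "address": "12 Elm St, Springfield",
    "employer": "Acme Corp",
    "dob": "1961-04-15",
    "zip": "62704",
    "diagnoses": ["E11.9", "I10"],
    "visit_date": "2018-11-02",
}

# Fields that identify a person directly and are dropped outright (assumed list).
DIRECT_IDENTIFIERS = ("name", "address", "employer")


def pseudonymize(value: str, key: bytes) -> str:
    """Replace an identifier with a keyed HMAC-SHA256 token.

    The same key maps the same MRN to the same token, so a patient's records
    remain linkable. Without the key the token cannot be reversed, and an
    attacker who steals only the de-identified data cannot recompute it.
    """
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def generalize_dob(dob: str, as_of: str) -> str:
    """Reduce an exact birth date to a 10-year age band (assumed band size)."""
    born = date.fromisoformat(dob)
    ref = date.fromisoformat(as_of)
    age = ref.year - born.year - ((ref.month, ref.day) < (born.month, born.day))
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def generalize_zip(zip_code: str) -> str:
    """Keep only the 3-digit ZIP prefix and zero the rest."""
    return zip_code[:3] + "00"


def deidentify(record: dict, key: bytes, as_of: str) -> dict:
    """Return a copy of the record with identifiers removed or generalized."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["mrn"] = pseudonymize(record["mrn"], key)
    out["dob"] = generalize_dob(record["dob"], as_of)
    out["zip"] = generalize_zip(record["zip"])
    return out


def contains_direct_identifier(deid: dict, original: dict) -> bool:
    """Check that no identifying value from the original survived verbatim."""
    leaked = {str(original[k]) for k in DIRECT_IDENTIFIERS}
    leaked |= {original["mrn"], original["dob"], original["zip"]}
    serialized = json.dumps(deid)
    return any(value in serialized for value in leaked)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice fetched from a KMS, never stored with the data
    deid = deidentify(SAMPLE_RECORD, key, "2018-12-27")
    print(json.dumps(deid, indent=2))
    print("identifier leaked:", contains_direct_identifier(deid, SAMPLE_RECORD))
```

The diagnoses and visit date are kept because they are the clinical payload an analyst needs; what makes the record safe to lose is that nothing left in it points back to a person without the HMAC key. De-identification complements encryption at rest rather than replacing it: the key for the tokens, and the key for the encrypted source records, are what the access controls must actually guard.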

Then there’s the need to keep a strong eye towards zero trust from a networking perspective. Network segmentation has always been a good practice to ensure that only the systems and individuals who need access can reach systems and data. That being said, I have worked in environments in the past where there was no such segmentation, and anyone connected to the network could potentially view resources for which they had no access requirement.

One of the gotchas in any IT environment, and healthcare is not immune to this, is the venerable static password. The value of personally identifiable information (PII) rises when there is healthcare data associated with it. The attackers know this, and they will happily leverage stolen passwords and phishing to access sensitive protected health information. Multi-factor authentication (MFA) is a good way to help combat this problem. If an attacker can obtain passwords, those passwords will not offer a great return if MFA has been deployed. This is especially true if the MFA is using Universal 2nd Factor (U2F) to further confound the attacker. U2F is an open authentication standard that strengthens and simplifies two-factor authentication by using USB or near-field communication (NFC) devices such as YubiKeys. Because the device signs a challenge bound to the site origin, a password phished on a look-alike domain cannot be turned into a completed login.

Attackers will not be going away anytime soon. Case in point: years ago, I was working for a defense contractor, and we would find that our client was constantly being attacked from all parts of the globe. One time, out of frustration, I asked whether there was any reason why there would ever be legitimate traffic from countries X, Y, and Z.

The answer was a flat “never.”

I crafted a bogon list that included the netblocks for the aforementioned countries and added it to the edge router. Attack traffic dropped off sharply. Now, this was an improvement. However, it did nothing to stop the attacker from finding another avenue. That’s the rub. The attackers will keep coming. Ensuring that EHRs are protected is a constant battle of increments, but one that can be won. As the annual HIMSS healthcare information and technology conference approaches, we need to remember that the requirement is to protect data and systems so that healthcare professionals can focus on patient care and not worry about the reciprocating saw (or the banana).
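The drop list described above, as an added example (my code, not the router configuration from the original post): a small Python filter that parses and collapses a list of CIDR prefixes and runs constructed edge-router-style log lines through it. The prefixes are documentation ranges (TEST-NET-2 and TEST-NET-3 standing in for "countries X and Y") plus one RFC 1918 block as the bogon, and the log format (timestamp, source IP, destination port) is an assumption. The point it shows is the caveat from the text: connections from the listed blocks are dropped, but a source outside them sails straight through.

```python
import ipaddress

# Constructed example prefixes, not a real country allocation.
DROP_LIST = [
    "203.0.113.0/24",   # TEST-NET-3, standing in for "country X"
    "198.51.100.0/24",  # TEST-NET-2, standing in for "country Y"
    "10.0.0.0/8",       # RFC 1918 bogon: private space should never arrive from the Internet
]

# Constructed log lines in an assumed "timestamp src_ip dst_port" format.
SAMPLE_LOG = """\
2018-12-27T01:02:03Z 203.0.113.7 445
2018-12-27T01:02:04Z 198.51.100.200 22
2018-12-27T01:02:05Z 192.0.2.10 443
2018-12-27T01:02:06Z 10.1.2.3 3389
2018-12-27T01:02:07Z 192.0.2.11 443
"""


def build_drop_list(cidrs):
    """Parse CIDR strings and collapse adjacent or overlapping prefixes.

    collapse_addresses() only accepts one address family at a time, so v4
    and v6 prefixes are collapsed separately and then concatenated.
    """
    v4 = [ipaddress.ip_network(c) for c in cidrs if ":" not in c]
    v6 = [ipaddress.ip_network(c) for c in cidrs if ":" in c]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_dropped(src, nets):
    """True if the source address falls inside any listed prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in nets)


def filter_log(log_text, nets):
    """Split log lines into (dropped, permitted) lists of (ts, src, port)."""
    dropped, permitted = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port = line.split()
        entry = (ts, src, int(port))
        (dropped if is_dropped(src, nets) else permitted).append(entry)
    return dropped, permitted


if __name__ == "__main__":
    nets = build_drop_list(DROP_LIST)
    dropped, permitted = filter_log(SAMPLE_LOG, nets)
    print("dropped:", dropped)
    print("permitted:", permitted)  # 192.0.2.x still reaches port 443: the list is not a fix
```

Collapsing the prefixes matters on real hardware, where a country list can run to thousands of entries and router ACL space is finite. The two permitted lines are the part worth noticing: the attacker who moves to an unlisted range, or to a compromised host in a country you do trust, is exactly why the list is an increment rather than a solution.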


I’m a technophile who loves everything about technology. I enjoy learning new things about new gadgets and technologies. I started Droidific because I wanted to share what I was learning with other people who love gadgets, new technology, and all the different ways they can be useful.