Cybersecurity attacks have increased dramatically in the past two years, especially in the healthcare sector. According to the 2017 Cyber Healthcare & Life Sciences Survey:

47 percent of providers and health plans said they had instances of security-related HIPAA violations or cybersecurity attacks impacting data.

However, according to the same study…

Only 35 percent of healthcare organizations believe they are “completely ready” to defend against a concerted cyber-attack.

And while the concerns in healthcare have historically surrounded protecting patient confidentiality, the rise in ransomware and other attacks has added new risks to the list: the integrity and availability of patient data, particularly in medical devices.

How to Protect Patient Data from Cyber-attacks

As we’ve seen multiple times this year, ransomware attackers are now targeting patient data, often encrypting it, as a way to hold hospitals hostage. These new attacks could lead to literal life or death situations.

To protect patient data from ransomware or other related cyber-attacks, it’s important for healthcare organizations to be prepared and proactive. Encryption is key, especially in cloud-based environments. Based on the guidance issued by the OCR, ransomware attacks are generally considered reportable data breaches unless it can be demonstrated that the data was encrypted prior to the attack. It’s also important to make sure your hospital meets the latest HIPAA data backup requirements.

How to Protect Medical Devices from Cyberattacks

Hospitals today are dependent on a significant number of devices that are connected to their network. And, if these devices are not properly secured, they can be an entry point for a hacker.

Since medical devices are often supported by a third-party vendor, the best way to protect your medical devices from cyber-attacks is to build in security protections around those devices, such as firewalls, antivirus, intrusion detection systems/intrusion prevention systems (IDS/IPS), and identity and access management (IAM) solutions. Segmentation should also be used as an extra layer of protection for vital applications and sensitive data.

IT’s Role in Protecting Patient Data & Medical Devices

While there’s a general awareness around the need to protect patient and financial data, there is far less awareness surrounding the security vulnerabilities that exist with medical devices themselves. This is where IT leaders can add significant value by taking the proper steps to ensure that security is considered when purchasing these devices and by educating hospital staff, enabling them to help protect these mission-critical assets.

BALLAST is a tool that can help you ensure that you are considering all the risks to your environment. It’s designed to eliminate the guesswork and arduous process of making sure your healthcare organization is completely protected. It’s also built with the latest HIPAA regulations and guidelines to ensure your hospital always meets the requirements.

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA & PCI, HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.