By Nigel Thorpe, Technical Director at SecureAge
Cybersecurity was once again top of mind in the healthcare industry recently as it was revealed that a breach of Microsoft Power Apps had exposed over 38 million records containing personally identifiable information — including records held by public health organizations.
This is obviously deeply unsettling for both patients and healthcare organizations alike. And with that, stakeholders throughout the industry are trying to make sense of exactly how this happened and what can be done to avoid these types of breaches — or at the very least mitigate them — in the future.
Here are a few steps that healthcare organizations and their cyber partners should keep in mind to both attenuate and prevent similar breaches in the future.
People make mistakes — so plan for it.
Even the most diligent app-writer or systems administrator makes mistakes, and these can leave doors open for cybercriminals to push through to steal data. Through no fault of their own, people are fallible. But luckily, security infrastructure can be built in a way to provide fail-safes that can help to deter and stop bad actors from targeting your organization. Through encryption technology and other emerging security tools, organizations can significantly bolster their cyber-defenses and eliminate many of the concerns and loopholes that arise from human efforts alone.
Make security more than just a “fence.”
Healthcare IT security usually builds protective layers around data, often in the form of authentication and access controls. The problem with this is that cybercriminals are good at evading these controls, either through hacking techniques or compromising a user account by guessing, finding, or buying passwords. The result? Bad actors can masquerade as legitimate patients or practitioners and gain access to sensitive data. These IT security fences are hugely important, as they control what legitimate users are allowed to do. However, it is important to realize that these fences we have built potentially have holes, and thus, we need to do as much as possible to fill them with pragmatic knowledge, processes, and tools.
Plan for the worst.
Nobody wants to think about a cyber breach, let alone experience one. Unfortunately, given the troves of personal data they hold, healthcare organizations remain a primary target for hackers and will likely continue to be breached as a result. Of course, this doesn’t mean that healthcare organizations should just throw their hands up and accept defeat. What it does mean is that healthcare organizations need to plan for this potential eventuality and build security into their data itself. That way, if a hacker does gain access to data, it is unusable and worthless to them.
The cyber threat landscape around healthcare is likely not going to calm down anytime soon. However, by keeping these few steps in mind, healthcare organizations can make significant strides in protecting the valuable information of both their patients and their businesses.