How Can Healthcare Institutions Improve Information Security In 2017?


The US healthcare sector manages highly sensitive, confidential, and diverse data, ranging from personal identification and private health records to financial information. Among all of America’s critical infrastructure sectors, it has remained an attractive target of constant attacks from countless anonymous malicious hackers. Besides traditional financial or medical insurance fraud, hackers also attack computer-controlled medical devices.


Information Security Statistics 

In 2015, 223 healthcare executives, among them CIOs, CTOs, and Chief Security Officers, participated in KPMG’s “Health Care and Cyber Security” survey. 81 percent of them confirmed that their computer systems had suffered one or more cyber-attacks within the past year.

Furthermore, per Gemalto’s report “Data Breach Index for the first half of 2015”, the healthcare sector experienced the most recent data breaches of the 16 critical infrastructure sectors. Gemalto’s researchers estimated that out of 888 reported events, 188 were in the healthcare industry.

According to the 6th Annual Benchmark Study on Privacy & Security of Healthcare Data by Ponemon Institute, almost 90 percent of the healthcare organizations questioned experienced a data breach in the last two years. In addition, 45 percent of them had more than five data breaches in the same period. The researchers also estimated that cyber-attacks could cost the healthcare industry $6.2 billion.

In addition, in their report 2017 Threat Predictions, McAfee Labs and Intel Security predicted that the healthcare industry would face new threats through connected devices.

Cyber Security for Healthcare

As hackers become more focused and sophisticated over time, cyber security issues will continue to grow in 2017. In healthcare, there are many areas for improvement, experts say.

Cyber security is not only a technology risk but a business risk as well. Therefore, at least one of the healthcare institution’s executives should be well versed in both. It is important to have a member of the management team who is savvy about cyber security and can develop and execute the internal risk management strategy. Such a strategy may include educating employees at all levels about cyber-crime threats and developing a proper plan of action in case of a data breach.

Despite the growing threat of cyber-crime, few U.S. healthcare institutions have invested in a professional and well-coordinated cyber security department. The designated cyber security team will be in charge of the development and execution of a security implementation plan, as well as risk analysis. Its other responsibilities include managing a data breach properly if one ever happens.

Furthermore, it is also important to establish a solid security culture within the organization. The first step towards it is to educate the personnel at all levels and to conduct regular information security sessions on an ongoing basis. 

Train your employees to disable remote sharing, to use a secure connection at the firewall and never to skip the regular software updates. Apart from that, make sure to use strong passwords and change them regularly. Discourage your employees from writing down passwords. You may also implement multifactor authentication and even fingerprint scans if needed. Use only encrypted connections.

It is also important to properly deactivate the accounts of former employees. If you no longer need a specific piece of software, make sure you fully uninstall it. If you need to dispose of old computers, sanitize them beforehand to ensure there is no data on them. To avoid a potential data breach, you may also consider prohibiting network access by visitors.

The culture of commitment to the privacy and security of sensitive data is an ongoing effort. If healthcare institutions manage to achieve compliance, it could protect both themselves and patients.

There are many benefits to a company of using a ‘white label’ provider to offer additional services to its customers. The benefits of working with a partner to develop or deliver additional services include:

· Reduced costs (or none) of development

· Speed-to-market

· Learning new skill sets and market knowledge

· Keeping focus on core offerings

· Adding value to the customer

A ‘white label’ partner is often smaller, more nimble, and/or has a different core focus than the primary company.  If the company would like to deliver Security Services, but their core offering is around networks, they won’t already have security experts.  Some might argue that they need to build the offering themselves, but the go-to-market process for an in-house offering, often due to red tape and budgets, would likely be months if not over a year.  Another argument is that the service offering is already a proven commodity to the provider, with existing staff, who have the technical experience and the marketing knowledge to deliver effectively. 
