How to Stay Ahead of Hackers Targeting Healthcare ePHI

March 13, 2019 Arctic Wolf Networks

Connected medical devices are a convenience for healthcare providers — but they’re also a shot in the arm for clever hackers. This is why we see hackers targeting healthcare ePHI.

An analysis by the HIPAA Journal showed that 43 percent of data breaches in healthcare in 2018 were due to hacking/IT incidents.

With the proliferation of medical devices connected to the IT network, cybercriminals have a new menu of options when they need easy, backdoor access to ePHI. As the U.S. Department of Health and Human Services recently noted in a report, “Cybersecurity is an area with increasing risk to patients and the healthcare industry as more medical devices use wireless, internet, and network connectivity.”

Expanded Attack Surface

Networked medical devices impact healthcare security not just because they’re becoming widespread. They expand the attack surface for hackers due to:

  • Weak security— lack of robust security controls makes them easily exploitable.
  • Difficulty patching — patches either don’t exist or are not applied for fear of impacting device functionality.
  • Network access — IP connectivity is a convenience for hackers looking for remote access to a hospital or another medical provider.

Beating Hackers at Their Game

Identifying both internal and external vulnerabilities will significantly minimize the attack surface. Hackers tend to go after low-hanging fruit and the harder you make access, the more likely they’ll move on to another target.

To ensure vulnerabilities don’t fall through the cracks, 24/7, real-time monitoring is the best way to address medical device security. If you’re only scanning for vulnerabilities at intermittent intervals, you’re leaving the door open for attackers to slip in.

SOC-as-a-Service Can Fill the Gap

A best practice for 24/7 monitoring is to establish a security operations center (SOC), which enables ongoing monitoring of both the OT and IT networks. A SOC provides advanced threat detection and response, centralizing the security personnel and technology in one location.

But various barriers, such as high costs and lack of skilled cybersecurity talent, often prevent healthcare organizations from creating an in-house SOC. A cost-effective alternative is to use a SOC-as-a-service provider to give you the full protection of 24/7 vulnerability assessments.

To learn more about how SOC-as-a-service can help you stay ahead of the cybersecurity threats dismantling healthcare organizations, read our white paper.

 

Previous Article
The 2019 Cyberthreat Defense Report Answers the Big Questions in Cybersecurity Today  
The 2019 Cyberthreat Defense Report Answers the Big Questions in Cybersecurity Today  

The 2019 Cyberthreat Defense Report lets you know where there are gaps in your cyberthreat defenses relativ...

Next Article
All Things Cybersecurity on Display and in Discussion at RSA 2019
All Things Cybersecurity on Display and in Discussion at RSA 2019

Cybersecurity insiders and dilettantes alike came from near and far to San Francisco last week to RSA Confe...

×

Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Company
!
Thanks for subscribing!
Error - something went wrong!