Healthcare Compliance: What Matters Most
By: Orhan Yildirim
While we all instantly understand the motivation for cybercriminals to steal data from financial services companies, retailers, and other transaction-related businesses, it’s less obvious why healthcare is one of the top targeted industries when it comes to security breaches.
The short answer is this – healthcare and insurance are forever connected, so payment information represents a large share of the massive and exponentially growing data generated by hospitals, clinics, and other health care providers. Additionally, individual health records (EMRs or EHRs) usually contain social security numbers and other private information.
Healthcare is also a multi-billion-dollar industry and its enterprises can be held captive through ransomware and other hijacking attempts, which we’ve likely not heard much about given the fear of reputational damage or exposure of security flaws that make those victimized companies vulnerable.
Looking ahead to the not-that-distant future, healthcare data will capture not only our medical information but our very own DNA; if you’ve heard about the black market for live human organs, think beyond that and consider what the DNA of a celebrity or artist, a Nobel Prize-winning scientist, or a super-high-IQ entrepreneur might be worth.
The healthcare industry is notorious for having relatively weak security. A report from Security Scorecard ranked healthcare in 9th place, despite the high stakes. More recently, the media, company executives, analysts, investors, and the public have been taking notice, and more investment is now being made to secure not only applications and databases but the networks connecting it all.
Securing the network itself.
It’s time for the healthcare industry to be able to fully protect what they connect, and the place to start is Identity Access Management, including Privileged Access Management.
The majority of the breaches today are generated from within when malicious employees are able to steal information and share it for their own gain. Other problems occur when employees who should not have access to certain systems and devices connected by the network gain access due to weak security protocols and change a network policy that can bring the entire infrastructure down or leave a door open for malicious behavior from the outside.
It’s important to think holistically about the core infrastructure and connectivity to other networks in the increasingly ecosystem-oriented healthcare world, by monitoring, logging and securing applications and systems through the infrastructure itself.
The benefits of moving more and more to the cloud are now proven. What do IT teams need to know when contracting with cloud service providers and the communications service providers delivering access and transmission services?
When the Covid-19 pandemic began, organizations across all industries were forced to go digital, which unfortunately led to a boom-time for potential cybercriminals. Reports of cybercrime shot up by almost 70 percent in the US compared to 2019, as the lockdown created an ideal environment for cybercriminals, with phishing and ransomware remaining the most common approach, accounting for 33 percent of cyberattacks.