Healthcare Compliance: What Matters Most
By: Orhan Yildirim
While we all instantly understand the motivation for cybercriminals to steal data from financial services companies, retailers, and other transaction-related businesses, it’s less obvious why healthcare is one of the top targeted industries when it comes to security breaches.
The short answer is this: healthcare and insurance are forever connected, so payment information represents a large share of the massive and exponentially growing data generated by hospitals, clinics, and other healthcare providers. Additionally, individual health records (EMRs or EHRs) usually contain Social Security numbers and other private information.
Healthcare is also a multi-billion-dollar industry and its enterprises can be held captive through ransomware and other hijacking attempts, which we’ve likely not heard much about given the fear of reputational damage or exposure of security flaws that make those victimized companies vulnerable.
Looking forward into the not-that-distant future, healthcare data will capture not only our medical information but also our very own DNA. If you’ve heard about the black market for live human organs, think beyond that and consider what the DNA of a celebrity or artist, a Nobel Prize-winning scientist, or a super high IQ entrepreneur might be worth.
The healthcare industry is notorious for having relatively weak security. A report from Security Scorecard ranked healthcare in 9th place, despite the high stakes. More recently, the media, company executives, analysts, investors, and the public have been taking notice, and more investment is now being made to secure not only applications and databases but also the networks connecting it all.
Securing the network itself.
It’s time for the healthcare industry to be able to fully protect what they connect, and the place to start is Identity Access Management, including Privileged Access Management.
The majority of breaches today are generated from within, when malicious employees are able to steal information and share it for their own gain. Other problems occur when employees who should not have access to certain systems and devices connected by the network gain access due to weak security protocols and change a network policy, which can bring the entire infrastructure down or leave a door open for malicious behavior from the outside.
It’s important to think holistically about the core infrastructure and connectivity to other networks in the increasingly ecosystem-oriented healthcare world, by monitoring, logging and securing applications and systems through the infrastructure itself.
IoT and Industrial IoT present the greatest network, data and application security challenges in recent history.
In fact, some experts believe that the business potential for the connected world is being held back due to security concerns, and rightfully so.
Ransomware is a troubling trend in the world of enterprise security.
When a computer in an enterprise is “infected” with ransomware, it automatically and persistently tries to jump to other computers and propagate through the network.