Healthcare Compliance: What Matters Most



By: Orhan Yildirim

While we all instantly understand the motivation for cybercriminals to steal data from financial services companies, retailers, and other transaction-related businesses, it’s less obvious why healthcare is one of the top targeted industries when it comes to security breaches.

The short answer is this – healthcare and insurance are forever connected, so payment information represents a large share of the massive and exponentially growing data generated by hospitals, clinics, and other health care providers.  Additionally, individual health records (EMRs or EHRs) usually contain social security numbers and other private information.

Healthcare is also a multi-billion-dollar industry and its enterprises can be held captive through ransomware and other hijacking attempts, which we’ve likely not heard much about given the fear of reputational damage or exposure of security flaws that make those victimized companies vulnerable.

Looking into the not-so-distant future, healthcare data will capture not only our medical information but also our very own DNA; if you’ve heard about the black market for live human organs, think beyond that and consider what the DNA of a celebrity or artist, a Nobel Prize-winning scientist, or a super-high-IQ entrepreneur might be worth.

The healthcare industry is notorious for having relatively weak security. A report from Security Scorecard ranked healthcare in 9th place, despite the high stakes. More recently, the media, company executives, analysts, investors, and the public are taking notice and more investment is now being made to secure not only applications and databases but the networks connecting it all.

Securing the network itself.

It’s time for the healthcare industry to be able to fully protect what they connect, and the place to start is Identity Access Management, including Privileged Access Management.

The majority of the breaches today originate from within, when malicious employees are able to steal information and share it for their own gain. Other problems occur when weak security protocols let employees reach systems and devices on the network that they should not have access to, and they change a network policy in a way that can bring the entire infrastructure down or leave a door open for malicious behavior from the outside.

It’s important to think holistically about the core infrastructure and connectivity to other networks in the increasingly ecosystem-oriented healthcare world, by monitoring, logging and securing applications and systems through the infrastructure itself.
