Realizing the value of personal data and the risk of connected healthcare as bad actors prevail in their attacks against Healthcare Delivery Organizations (HDOs)
By Samuel Hill, Director of Product Marketing, Medigate
The conversation around data privacy is hitting new heights, and for good reason.
In 2021, healthcare data breaches hit an all-time high, affecting more than 45 million individuals. As our digital interactions increase, we leave behind a thorough digital footprint revealing who we are, our habits, and our personal information. It’s easier than ever to find private and personal information about someone based on their digital habits and interactions. And personal data comprising sensitive and valuable information is more in demand on the dark web than ever.
Stolen data is precious and can be used to target phishing attacks. In healthcare alone, 80 percent of surveyed IT professionals agreed that they had seen a continuous increase in cyber risk over the past year.
Understanding the value of data privacy in 2022 is crucial, and it will remain a priority as it increasingly becomes an area of concern. At the same time, healthcare delivery organizations (HDOs) are already facing critical staffing shortages, impeding their ability to combat cyberthreats.
To properly understand how to secure personal data, you first need to understand the devices storing it and the value they hold to cybercriminals.
Securing medical devices to protect patients’ data
The first step in ensuring data protection and privacy is to secure the medical devices and the patient data they store and transmit. About 80% of medical device types transmit or store personally identifiable information (PII), and a recent study found that 53% of internet-connected medical devices have a known vulnerability. The need for data security within a medical device is heightened as data exfiltration is fast becoming a top way for bad actors to negatively impact hospital operations. The patient data stored or transmitted on medical devices is a treasure trove for those who choose to exploit it, and if the devices are not properly secured this data will be exfiltrated by bad actors.
HDOs provide an environment of connected devices that repeatedly store and transmit information, all in the course of providing needed care. However, personally identifiable information is just that, personal. Patients should take a vested interest in how their data is collected, secured, and stored so they can ask necessary questions of their care providers. As a patient, you might not always know when or how your data is used. But it’s reasonable to expect that the devices you are receiving care from are not actively allowing your data to be exfiltrated.
Preparing for the unknown as cyber risk increases
Facing a cyber-attack may be inevitable and the need for robust device security is well understood. Armed with the knowledge of how many devices store and transmit PII, security operators can escalate their projects for funding and patients can be mindful that their personal information may be at risk during their healthcare encounters. This awareness is essential for any work towards a ‘zero-trust’ environment.
Securing the PII of medical devices requires accurate device profiles, enabling the security team to know which devices actually store and transmit this data. From this foundation, they can focus on vulnerability management, clinically aware network segmentation, anomalous behavior tracking, and meaningful integrations with the entire security tool ecosystem. This holistic approach to medical device security takes the necessary steps to secure patient data and helps the HDO mitigate and combat exploitative cyber threats.
Data collected by HDOs is personal and valuable. As connected health continues to grow, this data must be kept secure, and there has never been a more vital time to prioritize data privacy across all industries. We cannot allow medical devices to store and transmit this valuable commodity without appropriate compensating controls.
About the Author
Samuel is the Director of Product Marketing for Medigate by Claroty. Before working in technology, he spent seven years as an emergency room tech for two different health systems and lived through an EHR transition twice! He is a husband to one, father to four, and lives on a rural island near Seattle, WA when he is not camping. He holds a B.A. from Pacific Lutheran University and an M.A. in Strategic Leadership from Life Pacific University.