When it comes to securing the network for a health care facility there are numerous obstacles that the IT team must face, they include but are not limited to:
- Ensuring privacy/confidentiality of “patients” (customers) records while also providing access of these records to a number of individuals in order to perform their jobs
- Mobile Issues, with the increased use of mobile devices for notes/charts
- Internet connected devices or more specifically the medical devices
- As well as a requirement to be compliant with multiple regulatory acts.
In addition, the information that is contained within their organization can be extremely profitable to those with nefarious intentions, especially considering that a health record is more valuable on the open market than a credit card. Not to mention that the infrastructure itself is one of the few that need to be up 24/7/365.
While some of the larger, well funded health care organizations have a dedicated IT security team, most have “shared resources” and a limited budget for IT.
Given this information is not surprise to note that Health care facilities are constantly under attack, and in the US each organization experiences at least one attack per month.
The most common attack security incidents are due to existing software vulnerabilities that have not been patched, web-borne malware, spear phising and lost/stolen/misplaced devices.
The threats to be on the look-out for the upcoming year, will include vulnerabilities to internet connected medical devices which criminals can exploit to find a way into the network; DDOS attacks, and Phishing Scams which are successful given that most valid emails received require immediate action.
Symtrex has been assisting health care organizations review their security posture, and provide guidance, recommendations and assistance. Should you wish to receive a consultant feel free to contact us.