INDUSTRY WATCH
The Internet of Things
has transformed the
healthcare sector, allowing
practitioners to easily
share information and
deliver personalised treatments. Yet
many experts in the security industry
believe that of all the industries facing
serious cyber threats, healthcare
is possibly the most at risk. That’s
because, relatively speaking, healthcare
organisations are still behind when it
comes to security defences.
It’s also well-documented that external
attackers have set their sights on
protected health information (PHI). The
value of medical records on the black
market is at least 10X higher than credit
card data.
Why? PHI contains more personal data
points and cannot just be reissued in
the event of a problem. Bank account
details and passwords can be changed
following a breach, but information
about allergies, disabilities, mental
health or hereditary conditions can’t.
So securing this data, and the healthcare
institution itself, against these calculated
threats should be a top priority.
The nature of healthcare requires that
organisations within this sector keep
highly sensitive patient data on file.
Doctors need to have this information
to make informed decisions about
patients, and the ability to easily share
this information within a healthcare
network has resulted in significant
advancements in the way patients are
treated. Personal and medical details
are also used by staff who handle post-care
activities, from post-op follow-up to
billing. This reduces the admin involved
and makes it a far more efficient
experience for patients.
However, housing this kind of personal
information poses a severe risk. Without
the right security in place, this data is left
exposed to external threats, as malicious
actors use targeted threats to infiltrate
networks. But when you’re dealing with
something as important as people’s lives,
it’s not enough to only have security
in place; the continuity of services is
vital. Take the WannaCry ransomware
outbreak earlier this year, for example,
where entire hospitals in the U.K. were
shut down.
Healthcare institutions therefore need
to have a cyber resilience strategy in
place. This will help them defend against
threats such as ransomware, allow
continuous access to critical applications
and information during an attack and
provide the ability to recover data to the
last known workable state after a threat
is neutralised.
But it even goes beyond external threats.
Equally important is making sure the
organisation is insulated from mistakes
by both well-meaning employees and
malicious insiders. Busy staff members
are bound to make mistakes regarding
PHI. With the ubiquity of email, it’s
not uncommon to find a breach where
employees accidentally (or carelessly)
attached a spreadsheet or document
containing PHI. A mistake like this could
result in personal harm or defamation
INTELLIGENTCIO