HEAL Security Healthcare Cybersecurity Roundup: May 3, 2023

Don't miss this week’s healthcare cybersecurity roundup from HEAL Security Dispatch.

In this edition:

Mitigating risk in an increasingly connected environment

At the 2023 HIMSS Global Health Conference, experts shared strategies to strengthen device security and manage third-party risks.

Healthcare organizations face significant security challenges due to their extensive use of network-connected devices, which can surpass 26,000 on average.

Nearly 20 percent of connected medical devices run on unsupported operating systems, with nurse call systems and infusion pumps most at risk.

UNC Health CISO Dee Young recommended the Software Bill of Materials to manage devices effectively.

Others emphasized collaboration as vital for risk management and ensuring appropriate back-channel access.

Experts also advised adopting a Zero Trust security model and establishing a baseline for normal device behavior.

?

20% of healthcare orgs don’t enforce cybersecurity protocols

A recent Salesforce survey found that only one-fifth of healthcare organizations enforce cybersecurity protocols, and just two-fifths of healthcare workers review security protocols before using new tools or technology.

The survey of 400 healthcare workers also showed that 31% were unsure how to respond to a breach, and only 54% said their training was effective.

While 67% of workers reported a security-first culture, just 39% checked protocols before adopting new technology.

Given the high risk of data breaches and cyber attacks, it’s imperative for the healthcare industry to address gaps in their cybersecurity protocols and training programs to protect patient data.

?

Cyber criminals exploit vulnerabilities in healthcare APIs

The rise of APIs in the healthcare industry has revolutionized data exchange, providing a platform for seamless and secure interactions between patients and providers.

However, APIs have also created vulnerabilities that cyber criminals exploit to perpetrate data breaches.

Healthcare organizations need to prioritize API security and compliance from the outset, a Help Net Security article advises.

Technical leaders should approach API design with security in mind, and the government must pursue cyber criminals with the same fervor as any other criminal.

Adopting principles such as FHIR compatibility, trusted connectivity and data visibility limitation controls can create a framework for secure and standardized information exchange.

https://healsecurity.com/the-silent-killers-in-digital-healthcare/

Top 4 major threats to private health information

The healthcare industry has become a prime target for cyber criminals, who use stolen medical histories to create targeted scams or make fraudulent insurance claims.

Security firm Drata found that private health information breaches most commonly occur through hacking, unauthorized access, theft and loss.

The healthcare industry's lack of experience in cybersecurity and slow adoption of electronic health records make it easier for cyber criminals to steal sensitive information from servers and emails, and human error can also lead to loss of data.

To protect patients' personal information, healthcare companies need to prioritize cybersecurity measures and invest in advanced technologies.

To receive daily updates on global healthcare cybersecurity, subscribe to our information and insights service at healsecurity.com.

Also visit the HEAL Security YouTube Channel: https://lnkd.in/gqaqKZae

@HEAL Security | Cognitive Cybersecurity Intelligence for the Healthcare Sector