Encryption is key to data protection, but not all strategies look alike
Cyber threats against healthcare organizations have been ramping up in the past few years, with highly publicized ransomware attacks leading to weeks-long network shutdowns at some institutions.
Experts warn that the situation may only worsen as bad actors become more sophisticated – and as some get a boost from state-sponsored entities.
Anurag Lal, CEO of NetSfere – which provides companies with security message-delivery capabilities – caught up with Healthcare IT News to discuss what he sees as the most pressing cyber threat, how organizations can protect themselves and how his experience as director of the U.S. National Broadband Task Force helped shape his perspective on these issues.
Q. Why are healthcare organizations particularly vulnerable to attacks?
A. Healthcare organizations are more at risk for cyber threats for a number of reasons. One, their systems are typically outdated and slower, and less secure as a result. Additionally, the pandemic accelerated the digitization of the healthcare industry, and an estimated 93% of healthcare organizations experienced some sort of data breach over the past two years.
These rushed transformation processes and outdated systems, combined with less centralized workplaces due to remote and hybrid work, create a large amount of risk for attacks.
Another reason healthcare organizations are more vulnerable is because their data is extremely valuable to hackers. Medical records and billing info create a huge target on the back of healthcare systems. Stolen health records may sell [for] up to 10 times more than credit card information on the dark web.
Q. What steps can organizations take to protect themselves?
A. Communicating efficiently and securely to protect patient and company data should remain a top priority as healthcare organizations become more digital. When deploying new communication channels, both internally between employees and with patients and providers, encryption is key.
Not all encryption is the same, though. End-to-end encryption is the “gold standard” when it comes to safe communications, verifying that messages are protected through every step of the process.
It’s also important to educate employees on the dangers of phishing scams, as the majority of security breaches are a result of human error.
Q. On a related note, how can an organization be cognizant of protecting its communications with providers and patients?
A. Similarly to protecting themselves, healthcare organizations can protect their communications with providers and patients by modernizing communication channels and ensuring compliance. Regulations like the Health Insurance Portability and Accountability Act require healthcare organizations to follow specific (stringent) standards for Protected Health Information, including sensitive patient information like medical histories and test results.
At the end of the day, the patient and their information are the priority and should be protected as such.
Q. What actions should the federal government be taking to address this threat?
A. The government should proactively implement safeguards to protect U.S. institutions from an inevitable cyber attack attempt.
One example is encouraging organizations to require Zero Trust Security and end-to-end encryption. The idea behind the Zero Trust Security model is to “never trust, always verify” to protect data and intellectual property most securely. All resources are continuously authenticated, verified and authorized.
As I mentioned earlier, with E2EE, data is encrypted on the sender’s system or device, and only the intended recipient is able to decrypt and read the message. Ensuring that business communication is locked down in this way applies zero trust principles to mobile messaging and collaboration.
Q. You were director of the U.S. National Broadband Task Force under the Obama administration. How did that experience help shape your perspective on these issues?
A. During my time working on the Task Force, I saw in real-time the very serious threats that exist and saw how cyber-attacks affected other governments. For example, [bad actors linked to the] Russian government hacked the Ukrainian power grid, resulting in nationwide outages. Later, [they] installed malware on Ukraine’s accounting software, causing billions of dollars in damages.
Q. Do you have any predictions for the next few years in the cybersecurity sector?
A. I predict that cyber-attacks will become more technologically advanced, so our ability to protect organizations and governments will need to become more advanced alongside them. This is evidenced by skyrocketing cyberattacks with 1,862 publicly reported breaches in the U.S. in 2021, up more than 68% from 2020.