Cartika Blog

Why It’s High Time Healthcare Stopped Lagging Behind On Security

Last month, Anthem Incorporated - one of the world’s leading health insurance companies - made a very grim announcement to shareholders and clients. It was, a representative explained, the target of a “very sophisticated external cyberattack,” which allowed hackers to gain unauthorized access to its IT systems. The personal information of eighty million clients - data ranging from birthdays and names to medical IDs, social security numbers, street addresses, email addresses, and employment history - was compromised.

For most of us, stories like this are nothing new. It’s the same old song and dance every time. Someone made a mistake, overlooked a vulnerability, or lost a phone. A business was DDoSed, hacked, or infested by malware. In every case, the results are basically the same. A ton of people get their personal information stolen and the company responsible takes damage control into overdrive. Sometimes there’s a lawsuit; sometimes there isn’t. Eventually, the breach fades into memory, replaced by news of yet another attack.

“The Anthem data breach along with other highly-publicized cases like Sony and Target tells us that corporate information systems are fighting a losing battle against hackers,” explains CIO’s Paddy Padmanabhan. It needs to stop - especially where healthcare is concerned.

Healthcare providers routinely manage some of the most sensitive, vital information in the world. By breaking into a hospital’s database, a hacker has every single scrap of information they could possibly require to commit fraud or identity theft. In spite of this - in spite of how important it is that healthcare information remain protected - healthcare providers routinely have the shoddiest security in enterprise. A 2014 State of Email Trust Report by Agari listed the healthcare industry as being at the highest risk of cyberattacks, due in large part to the fact that it had the worst email security practices. For an industry so routinely targeted, this is unacceptable.

“Healthcare IT infrastructure is generally old and inadequate for the current needs of the marketplace, relative to other sectors like retail and banking,” continues Padmanabhan. “Further, shrinking tech support staff combined with end of life equipment means IT systems are more vulnerable than ever before, while healthcare technology budgets are arguably the most under pressure when compared to other industry sectors.”

Perhaps the biggest problem, says Information Age’s Chloe Green, is the fact that many decision makers in healthcare don’t think of their industry as a primary target. They should, though - social security numbers and personal information tend to have a much longer shelf life than credit card numbers or financial records; they make it far easier for thieves to get their hands on fraudulent funds. Worse still, the outdated IT infrastructure mentioned by Padmanabhan is woefully inadequate at keeping attackers out.

So... what can be done? How can healthcare firms bring their security up to speed, and protect client data? There are a few steps that need to be taken:

  • Implement Monitoring Software: You’re not going to prevent every data breach. Likely as not, someone’s going to break in eventually. If you know the moment they do, you can minimize damage.
  • Establish Better Training Programs: Employee ignorance can be one of the prime causes of a breach - make sure your staff understands their duties where security is concerned.
  • Upgrade Infrastructure - No Matter How Much It Costs: Legacy systems might seem to work as well as the day you purchased them, but there’s a good chance you’re opening yourself up to a host of completely avoidable vulnerabilities.
  • Allocate A Larger Portion Of The Budget To IT: As a healthcare provider, your IT budget is extremely important - do not cut corners here.

Healthcare providers manage some of the most valuable, sensitive information in the world. To think that they’d do so with outdated, inadequate security is troubling indeed. Healthcare needs to get its act together, and fast - otherwise, the clients are going to be the ones that suffer.