Information governance and IT security have become two of the more commonly discussed matters among leaders in the public and private sectors throughout the past several years, and for good reason, as data breaches remain some of the more devastating crimes in North America and overseas. The fact remains that data breach is not an entirely avoidable risk, but it needs to be handled aggressively to control losses should an adverse event take place.
Certain industries, including retail and health care, have faced more persistent security challenges than others, and this has been consistent across regions for the past few years. While the frequency of data breaches and the resulting damages continue to rise, the types of threats and associated mitigation tactics are evolving even more quickly than many would expect.
The new face of medical IT threats
Dark Reading recently reported that the most common cause of breach in health care is no longer employee error or negligence - these contributors were supplanted for the first time by cybercrime. Citing the findings of the Ponemon Institute's Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, the source pointed out that cybercrime activity targeted at entities in the sector increased 125 per cent between 2014 and 2015, now accounting for roughly 45 per cent of all breaches.
"For the first time, criminal attacks constitute the number one root cause [of data breaches], versus user negligence/incompetence or system glitches," explained Larry Ponemon, the Ponemon Institute's chairman and founder, according to Dark Reading. "Ninety-one per cent had one or more breach in the last two years, and some of these are tiny, less than 100 records, but they are still not trivial."
The news provider went on to note that the most common issues faced by industry players were the theft or loss of devices containing sensitive information and spear phishing incidents. Perhaps most discomforting was the finding that such a vast majority of health care firms have experienced a data breach in the past 12 months, and the fact that there are no signs to indicate the frequency will drop any time soon.
Suffice it to say that more progressive protections need to be implemented to begin reducing the rate of cybercrime in this sector.
Measures to protect patient data
Comprehensiveness is perhaps the most important characteristic of a cybersecurity strategy, meaning that no stone can be left unturned when evaluating vulnerabilities and risks. Now that hackers are the most common threat to patient data, controls specific to these risks should be implemented as soon as possible.
Mobility and data security software can be highly effective in reducing the speed with which hackers can acquire and expose information, while network monitoring tools will significantly improve system-based protections in real time. Since networks act as the gateways to core systems and data, monitoring solutions should be viewed as the highest priority when working to reduce vulnerabilities and speed up the identification of intrusions as they appear.