Healthcare institutions remain among the most targeted organizations when it comes to hacker attacks and other security intrusions. These entities possess a wealth of data, including personal information that cyber criminals can use.
In February 2016, the Hollywood Presbyterian Medical Center was hit by a malware attack against its computer system. The malware locked the system via encryption, essentially holding it for ransom. The medical center ended up paying the equivalent of about $17,000 dollars in bitcoins for a key to decrypt the system.
There was no evidence that patient data was compromised in the attack, and the FBI is investigating. But it clearly shows how a hospital’s operations can be hindered by such an attack.
This is by no means an isolated incident. According to a 2015 report by Ponemon Institute, the healthcare industry is experiencing a surge of data breaches, security incidents and criminal attacks—exposing millions of patients and their medical records
The institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data said criminal attacks in healthcare were up 125% since 2010 and are now the leading cause of data breach. The findings also show most healthcare organizations are still unprepared to address the rapidly changing cyber threat environment and lack the resources and processes to protect patient data. The study indicated that medical files, and billing and insurance records are the top targets for theft.
Not only is data security in the industry a concern because of the potential for stolen patient records and the loss of other sensitive, but healthcare organizations need to be compliant with the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) as well.
So a big question is, what can healthcare organizations do to ensure HIPAA compliance for their environments? As Bitdefender notes in its Guide to HIPAA Compliance for Virtualization and Cloud Security, solutions are available to help organizations comply with the requirements of HIPAA and enhance their overall security and risk management programs.
These solutions deliver strong protection against threats on customer’s premises, in a virtual environment as well as on the growing number of mobile devices in use at healthcare facilities. While no one technology offering will likely address all of the HIPAA and other security requirements healthcare companies have, there are products that can assist with some key needs in security and compliance.
For example, virtual appliance security solutions can deliver security for physical, virtualized and mobile endpoints. They can protect endpoints against attacks, including malware, without slowing down client devices. Some of these solutions are easily scalable via a virtual container architecture, and they can run on any virtualization platform, speeding up deployment.
If companies can consolidate security control across physical, virtualized and mobile endpoints through a unified administrative console, activities can be streamlined. This can eliminate the need for point solutions.
Some appliance solutions address the key requirements of HIPAA and other regulations aimed at healthcare companies, with features such as intrusion detection, anti-phishing, Web filtering and user and Web control to block diverse threats from infecting end-user systems and server endpoints.
They also support adoption of bring-your-own-device (BYOD) policies by enforcing security consistently on all types of mobile devices. Because of this, mobile devices can be controlled and the business data stored on them can be protected. As anyone in healthcare knows, this has become increasingly important because so many healthcare professionals rely on mobile devices to do their jobs.
“Given the importance of information security beyond the context of regulatory compliance, organizations must develop a security strategy that is comprehensive and reliable,” the guide states. “These tools are vital elements of that strategy.”
Healthcare providers and other organizations in the industry that are subject to HIPAA regulations need to understand that compliance is a must. And, to be compliant, information security has to be a high priority.
Besides HIPAA compliance, too much is at stake for healthcare institutions to let security slide. The integrity, privacy and security of healthcare records including patient information should be a paramount concern for companies.
Fortunately, with the right technologies, policies and procedures in place, healthcare organizations can ensure that they’re virtualized computing environments is ready to meet the latest threats and vulnerabilities.