This Industry Viewpoint was authored by Alex Mitchell of VPNpro.com
When we think about healthcare and hospitals, there are many aspects of safety and security that are typically considered, but Wi-Fi security isn't exactly top of the list for most of us. Yet securing hospital Wi-Fi networks is becoming an important aspect of healthcare operations all over the planet. With cyber threats mounting, this is becoming an issue of increasing prominence.
The nature of the sensitive information involved in healthcare means that this is extremely significant. Very few people are willing for their personal data to be compromised, and there can be little data in the world that is more private than our health records. Indeed, particularly in countries where health insurance is common, our personal health records are actually worth potentially vast amounts of money, in the quantity in which they are held by hospitals.
There are actually several different ways in which security can be breached at a hospital, and incidents are becoming more common as more people realise the financial benefits involved. Criminal hackers are able to steal protective health information in order to commit medical identity theft, while employees are also capable of reviewing records of patients without proper authorisation.
All data breaches can be extremely costly for providers, with fines, other compliance costs, and reputational damage all inherent issues. This means that Wi-Fi security must be absolutely on point at hospitals if patient trust is not to be squandered.
Despite the importance of maintaining Wi-Fi and protecting data, breaches within healthcare organisations are worryingly widespread. Indeed, a study from the Ponemon Institute suggested that 94% of all healthcare organisations had suffered at least one a data breach between 2011 and 2012. Additionally, 45% had experienced at least five breaches during this period, which compared to just 29% of hospitals during the previous survey.
From these figures, it should be quite clear that data held by healthcare organisations is under an increasing threat. So what can be done about this? Well, there are a variety of different approaches and techniques that can help secure this most sensitive of information. Here are a few of the possible measures that healthcare organisation can take:
Install a VPN
A virtual private network (VPN) can be hugely beneficial, making it far more difficult for criminals to penetrate healthcare organisations systems. Considering the prominence of VPNs in home usage, this is almost a must for any healthcare organisation.
Other Network Protection
As hackers have a variety of different methods in order to break through the defences of healthcare networks, so IT departments need to use a variety of approaches in order to keep them out.
While it is common in the healthcare field, and for that matter for businesses in general, to invest money on most private security, such as firewalls and antivirus software, other technology should also be adopted. For example, segregating networks so that staff in one area don't have access to all system data should be considered of paramount importance.
Most hackers manage to breach systems due to the mistakes made by internal members of staff, so it is just absolutely essential to educate people about the importance of IT security.
This means that any IT security program should be heavily focused on educating employees, explaining and what should and should not constitute a violation in practice, while also providing important lessons on phishing, social engineering and other common attack strategies.
It should also be made absolutely clear that secure passwords are of critical importance.
Encrypt Portable Devices
Most hospitals nowadays wish to plug portable devices into their internal systems, with such technology as BYOD. Yet this can leave systems vulnerable to data breaches due to sloppy data practices, or storage devices being lost or stolen.
While it's impossible to completely eliminate human error, you can protect yourself against such eventualities by ensuring that all devices are encrypted. This should include all laptops, smartphones, tablets, and portable USB drives. A strict policy should also be put in place regarding the carrying of data outside of work environments.
Delete Unnecessary Data
This is a very worthwhile measure that may not occur to many non-experts. But any hacker knows that the more information is held on a particular system, the more likely it is that they are going to be able to penetrate through the defences of that system. It is vitally important to keep on top of data storage and ensure that all data is deleted. Anything that isn't required by everyday operation should be removed, and there should be strict policies in place to mandate the removal of this data.
Additionally, a healthcare organisation should be accurately auditing the information that they are storing, so that it is completely understood what is being held on internal systems.
Take Third Party Security Seriously
Visually all healthcare organisations are now using cloud services and other third-party providers, and it is, therefore, essential to ensure that data held in these fora is secure. This means diligently investigating the security of cloud computing providers, and any other companies involved in the third-party storage and manipulation of information.
Hackers will quite frequently circumnavigate internal systems, and go straight to the cloud or external providers, so it is essential to make sure that this information is as secure as any held internally.
Finally, it is essential to keep every aspect of your IT system up-to-date, including electronic medical devices. Everything can be hacked nowadays, and it is thus vital to ensure that systems are patched whenever new updates become available.
By following these simple rules, hospital Wi-Fi security will be greatly enhanced, and the chances of a hacker breaking into medical systems will be seriously reduced. It is vital for hospitals to be diligent in this area, as the threat of breaches is ever increasing, which can be hugely damaging for the reputation and functionality of a medical organisation.
Alex Mitchell is a cybersecurity enthusiast, WordPress guru, data-safety and privacy tools tester with over 10yrs experience.
If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!Categories: Industry Viewpoint · Security · Wireless