Every industry is vulnerable to data breaches, but the healthcare industry has long stood out above the rest. During the COVID-19 crisis, this vulnerability may prove particularly damaging not only to Protected Health Information (PHI) but also to patient care.
59% of the U.S. population has already had their healthcare records stolen
According to HIPAAJournal.com, prior to COVID-19 hitting the globe, healthcare data breaches were already being reported at a rate of more than once per day. Protenus Breach Barometer reported that in 2018 the healthcare sector saw 15 million patient records compromised in 503 breaches, three times the amount seen in 2017. But by July 2019, that number had skyrocketed with potentially more than 25 million patient records breached.
Medical records contain valuable and sensitive personal data including social security numbers, insurance information, payment details, personal health records, and more. According to Experian, a patient’s full medical record can sell for up to $1,000. By comparison, Social Security numbers typically sell for $1 and credit card information for up to $110.
In early March, sources informed Reuters that hackers tried to break into the World Health Organization (WHO). While the attempt was unsuccessful, WHO Chief Information Security Officer Flavio Aggio warned “that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus.”
Increased IoT-focused cyberattacks may impact patient care
As recently as November 2019, Threatpost, a leading source for IT and business security news, reported that IoT security woes were already plaguing the healthcare industry. “At least 82 percent of connected medical devices have been targeted in the past year, opening the potential for a variety of attacks, from highly sensitive information disclosure to denial of service (DoS) for critical devices,” a recent Xtelligent Healthcare Media survey found.
At the same time COVID-19 began accelerating in the U.S. in February, Elad Luz, Head of Research at CyberMDX, warned that “Healthcare organizations are increasingly experiencing IoT-focused cyberattacks.”
There are a number of vulnerabilities in the area of IoT and cybersecurity, but perhaps the most devastating are those that put people’s lives at risk. Many ailments are treated with cloud-based monitoring services or embedded IoT devices like those being used to treat patients with COVID-19.
Unfortunately, medically necessary IoT devices can be, and are being, compromised by cyberattacks capable of disrupting the delivery of lifesaving health services, putting people’s lives at risk. With the projected increase in patients requiring medical interventions such as ventilation, IV pumps, anesthesia, and patient monitoring, the consequences could be devastating if the correct security measures aren’t in place.
Is the healthcare industry prepared?
Much of the global healthcare industry is understandably distracted by caring for the overwhelming number of COVID-19 patients. Combined with the surge in cyberattacks that have coincided with the rise of the virus, this leaves an already-taxed industry even more vulnerable.
Vulnerabilities to ransomware, malware, botnets, and online medical device attacks have seen a sharp rise due to numerous factors: the interconnectedness of hospital operations, close ties with third-party vendors, the rising complexity of hospital technology systems, and reliance on an extensive variety of connected networks.
Encryption is the most consistent security mechanism available for securing data and IoT devices. While many healthcare organizations are proactively encrypting data, even more are failing to properly manage the encryption ecosystem because they do not regularly rotate their keys, a poor practice akin to having just one password across all logins or devices and never updating it. With real attacks impacting healthcare right now, it is critical that organizations add enhanced key management measures to their cyber-defense protocol immediately.
How VaultCore™ can quickly help healthcare organizations secure critical personal data and patient care
Key management is at the core of making encryption a strong security tool. VaultCore by Fornetix® is a groundbreaking cybersecurity solution that unleashes encryption’s full potential by deploying and enforcing key management across an entire organization and across all devices. This unified approach allows storage and control of all encryption keys in all environments, whether on-premise storage, virtualized, or cloud.
Delivered as a physical or virtual appliance, VaultCore can swiftly integrate with a healthcare organization’s existing infrastructure and current encryption strategy. This immediately decreases data loss, enables compliance with privacy regulations, effectively manages third-party risk, and protects the lives of patients. VaultCore automatically updates and secures the encryption keys necessary to decrypt data so it can be read. In short, when data is properly encrypted, it remains unreadable and therefore useless to the attacker because they’re unable to decrypt it. With industry-leading capacity, VaultCore allows medical devices to each be given unique encryption keys instead of relying on a single key for all devices. Additionally, VaultCore can verify the cryptographic integrity of data to ensure critical code has not been tampered with.
Backed by granular policy tools, intuitive access controls, and powerful automation, VaultCore is the only key management solution in the world that can manage hundreds of millions of encryption keys across every device, reduce human error, maintain compliance, and give the industry some much-needed peace of mind that every device that serves, stores, transmits, or collects patient or other critical data is protected to the fullest extent.