• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Uncategorized  /  Need for Data Loss Prevention in Healthcare Industry
05 June 2017

Need for Data Loss Prevention in Healthcare Industry

Written by Ankita Ashesh
Ankita Ashesh
Uncategorized
Estimated reading time: 4 minutes

A report published by the Ponemon Institute indicated that there were 106 major data breaches in the Healthcare Industry in 2016. The total number of patient records exposed was more than 13.5 million. The average loss for single record breached in healthcare was $402 (which is much more than average cost of $150/record for other industries). This means there was a total loss of 2.8 billion USD due to hacking in the healthcare industry in USA alone.

Is the threat really that severe?

Imagine that a critical surgery is underway and patient’s vitals are monitored using a computer, which is a normal practice in hospitals today. At the same time, another screen shows patients test results which doctors refer to, while performing the surgery to ensure that the right amount of medicines are being administered. Suddenly, all the screens go blank and a message appears on it ‘Your Machine is locked, transfer $$$ Bitcoins to unlock your machine.’ The computers are now completely locked out and are not responding to any action. Patient is admitted and doctors have no way to know the vitals or any other information about the patient to continue the surgery.  Get the picture? This is just one, though a severe example, of how critical it is to secure healthcare systems against data loss and hacking.

Patients share critical details with healthcare providers. Healthcare organizations store all of this sensitive data digitally for a very large number of patients. This data pertains not only to the health parameters (habits, tests, reports, diagnosis, ailments, treatment etc) but may also include financial information (payment details, credit card details, insurance policies etc) and personal information of the patient. Organizations also hold all the information about their staff, their medical facilities and inventories in digital format. All this information is very valuable. The data and reports by doctors can be used for medical identity theft. All this data must be protected against loss whether accidental or intentional.

In many countries, there are specific laws that require health organizations to secure all the patient data. For example, United States of America has enacted Health Insurance Portability and Accountability Act (commonly known as HIPAA) to protect all patient information that is produced, saved, transferred or received in electronic format.

Nature of threats

Healthcare industry like any other industry faces three kinds of primary threat. However, due to the nature of data, which affect the life and death situation, the threat is much more severe in healthcare.

  1. Insider Threats: This is the most frequent and common type of data loss threat. Current or an ex employee, either by mistake or by malicious intention steals or exposes the personal health information data to outside world.
  2. Third Party Hack: This is a targeted attack by criminals to gain back door entry through software glitches to steal the data.  This hack is also generally done to steal confidential information that may be of use to a competitor or information that can be sold in open he dark market.
  3. Malware/Ransomware: In colloquial language, these may be grouped with computer viruses. These corrupt the data which is still in control of the organization, and usually lock out the organization from its own data and systems. This necessitates the suspension of emergency services leading to life threatening situations.

How does this data breach occur?

Mostly the data loss is due to human error or incorrect understanding of the organization’s data security policies. However, many times data loss is also due to somebody’s malicious effort to extract data. Whatever the reason, data loss can occur using common or similar channels like Email Communication, External Storage Devices, Social Media/Web2.0, P2P/IM File Transfer and Unsecured Partner Communication. Hence these must be monitored and controlled.

Health care industry faces threats from these channels because of a variety of reasons like most doctors and service providers use webmail which is more prone to data loss. Since their file sizes are big (say a series of MRI scans or a patient medical history), they often transfer their data using Instant Messenger (IM), FTP or other P2P software. They sometimes even store data in external portable devices which are plugged into different computers exposing them to a host of cyber threats. The seemingly innocent social media sites may have spyware/Trojan applications that steal data from the computer. Again a channel to surely watch out!

What can be done to secure Data and Systems in healthcare industry

Healthcare organizations need to deploy complete data loss prevention solutions that not only prevent the theft of data but also prevent intrusion and blocking of their devices to avoid life threatening situations. The security solutions must have:

  • Device control to configure access to several types of devices providing data protection with one integrated solution to prevent unauthorized access.
  • Active network intrusion protection and firewall to protect against viruses and ransomwares.
  • Active encryption of all static and dynamic data to ensure information safety in event of theft of data.
  • Enhanced security for multiple platforms such as Windows and Mac.
  • Advanced Web Access and Data Access control and smart blocking of unauthorized applications
  • Proactive scanning of installed applications to detect vulnerabilities.

Healthcare organization, be it a hospital or a specialist test lab, must deploy complete Data loss prevention software suite not only to meet the regulatory compliance, but also protect the patient’s data which may be critical to his treatment and may save his life.

Seqrite helps businesses simplify IT security and maximize business performance. To know more about our products and services visit our website. 

 Previous PostImpact of Major Cyber-attacks Across the Globe
Next Post  Dealing with Evolving Cyber Attacks
Ankita Ashesh
About Ankita Ashesh

...

Articles by Ankita Ashesh »

Related Posts

  • Gorgon APT fractures India’s Industrial Backbone

    Gorgon APT targeting MSME sector in India

    August 10, 2020
  • Way Out of The MAZE: A Quick Guide For Defending Against Maze Ransomware

    May 21, 2020
  • The-need-for-businesses-to-empower-the-CISO

    Why do boards need to empower their CISO?

    October 22, 2019

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.