Healthcare and cybersecurity: New measures to up minimum standards
By Max BurkhalterOctober 25, 2022
The White House is looking to implement new and additional cybersecurity measures for the healthcare industry. Medicaid providers are digitizing patient records and prescription histories in line with an increasing reliance on electronic health record (EHR) software. As a result, the security of confidential data and patient information remains a priority.
While an EHR makes the sharing of health data readily available across service providers — a GP can share patient notes with a surgeon in another facility, for example — the digital transmission of data is not without risk. As a result, a recent Washington Post Live event discussed the deployment of working with partners at facilities like hospitals to implement minimum cybersecurity guidelines.
This article will examine the state of healthcare service cybersecurity measures, and detail how the White House is rolling up its proverbial sleeves to lend a hand.
Underdeveloped overwatch
Results from a recent FBI crime report list the healthcare industry as the most vulnerable to cybercrime attacks. Of the surveyed infrastructure sectors victimized by ransomware attacks, healthcare and public health organizations dwarfed the next closest industry, with 148 individual reports to the financial sector's 89.
The FBI's Internet Crime Complaint Center (IC3) predicts that the final 2022 numbers will see an increase from the previous report's figures.
To combat the surge in phishing scams, malware infections and other cybercrime occurrences, the U.S. government's Cybersecurity & Infrastructure Security Agency (CISA) and President Biden have signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Under the Act, CISA will work alongside Risk Management Agencies, the Department of Justice and a soon-to-be-formed, DHS-chaired Cyber Incident Reporting Council to develop new reporting and prevention measures.
CISA's increased reporting and countermeasure capabilities will afford the agency the opportunity to deploy resources and assistance to cybersecurity victims. Studying trends and attack patterns could provide new and unprecedented insight into the origins of malware campaigns and phishing attacks.
Security on edge
The rise of edge computing provides health services with fast access to EHR systems and other care-enhancing software and application technologies. A recent AT&T Cybersecurity Report found that as many as three-quarters of surveyed providers have worked, or are planning to adopt some form of edge computing capabilities.
The advanced technology is not without its vulnerabilities, however. Cynerio Research notes that 53% of connected medical devices and other internet of things (IoT) devices in hospitals have a known critical vulnerability. The research notes that protected health information stored on EHR platforms could be useful for criminals looking to perpetrate identity theft. Cynerio Research data shows that medical records could garner up to 50 times the amount of a stolen credit card on the black market.
Although edge computing offers the ability to customize firewalls within an organization's infrastructure, the connectivity of IoT powered devices greatly increases the potential vulnerabilities within a medical facility. After all, medical centers are full of diagnostic imaging, monitoring and administrative devices that can all communicate with one another over a shared network.
And that's just within one facility. Open up the transfer of data between healthcare providers that EHR encourages, and the threat surface scales exponentially.
As 5G and edge computing become health service industry standards, overwatch from organizations like the White House, FBI and CISA will work together to mitigate the risk of personal information being exposed, lost or sold to threat actors online.
Perle offers network-enabled medical solutions for the healthcare industry
Perle understands the value of security regarding the transmission of private and confidential medical information. Storing and processing patient data is mission-critical for health organizations, but it shouldn't come at a cost. Doctors, clinics, hospitals and laboratories can count on Perle device networking hardware to ensure the safe acquisition of pertinent medical data.
To learn more about how Perle Serial Console Servers offer support for medical professionals, visit our healthcare solutions page. Our remote management devices help reduce costs while placing an emphasis on network security.