The Healthcare Issue Both Parties Must Support: Improving Cybersecurity


Tom Sullivan (@SullyHIT) at HealthcareITNews and FierceHealthcare’s Evan Sweeney (@DB_Sweeney) have both written interesting analyses of what last week’s midterm elections may mean for advancing healthcare IT-related issues. The consensus among many of the experts Sullivan and Sweeney interviewed is that lawmakers should place improving the nation’s healthcare IT infrastructure, including hardening its cybersecurity posture, at the top of their collective agenda.

Even as healthcare-related issues like the Affordable Care Act and changes to Medicaid will continue to create deep partisan division, Yulan Egan, Practice Manager at Advisory Board, told Sullivan that Health IT will enjoy broad bipartisan support.

“That presents some opportunity because to an extent the House and Senate will have to work together,” Burch added. “The first thing that always comes to mind is infrastructure… An infrastructure package has been talked about by the White House. There could be a place for health IT priorities [including security] in some sort of legislative package for infrastructure improvement.”

Sullivan makes the point that when people think of funding infrastructure improvements, they first think of “crumbling bridges or pothole-laden roads.” But repairing and improving the nation’s health IT infrastructure must become a top priority too.

Health IT infrastructure is a broad umbrella term that covers a wide range of systems and technologies, such as rolling broadband internet connectivity out to more rural healthcare facilities, and using prescription drug monitoring programs to battle the opioid epidemic. Any new health IT infrastructure package that improves data collection and sharing among healthcare providers and payers should also prioritize securing that data.

“That includes issues around cybersecurity that represent a less tangible but necessary component of modern infrastructure,” Leslie Krigstein, vice president of congressional affairs at the College of Health Information Management Executives (CHIME), told Sweeney.

To say that cybersecurity must be a priority issue for legislators and the healthcare industry is an understatement. As I wrote back in July, cyber attacks against healthcare providers are a global epidemic. That diagnosis still holds true.

Marianne Kolbasuk McGee at HealthInfoSecurity and DataBreachToday on Oct. 29th looked at a snapshot of the Department of Health and Human Services’ HIPAA Breach Reporting Tool website. She reports the industry has suffered 302 breaches this year alone, affecting a total of about 8.8 million individuals.

The bad headlines just keep coming.

On November 12th, HealthcareInfoSecurity reported that more than two weeks after announcing that HealthCare.gov was hacked, HHS revealed the breach exposed sensitive data of 75,000 individuals, including partial Social Security numbers and immigration status.

There are some basic steps any healthcare organization can take to secure protected health information (PHI):

  1. Hold regular employee training sessions on security policies and best practices
  2. Stay current with all software patches
  3. Build a multi-layered defense that leverages both the Negative and Positive Security approaches

In addition to your AV and other traditional security defenses that are constantly on the lookout for the infinite amount of “bad” trying to access and steal information, we developed PARANOID to enable you to focus on the “good”. PARANOID uses a practically static map of the finite set of legitimate behaviors of the operating system to proactively keep up with the ever-increasing volume of new, never-seen-before, evasive, and fileless malware threats.

To learn more about how we can boost your healthcare organization’s security posture, schedule a demo and connect with us on Twitter and LinkedIn.

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks them in real-time.