Encryption is key to data protection, but not all strategies look alike

Cyber threats against healthcare organizations have been ramping up in the past few years, with highly publicized ransomware attacks leading to weeks-long network shutdowns at some institutions.

Experts warn that the situation may only worsen as bad actors become more sophisticated – and as some get a boost from state-sponsored entities.

Anurag Lal, CEO of NetSfere – which provides companies with security and message-delivery capabilities – caught up with Healthcare IT News to discuss what he sees as the most pressing cyber threat, how organizations can protect themselves and how his experience as director of the U.S. National Broadband Task Force helped shape his perspective on these issues.

Q. Why are healthcare organizations particularly vulnerable to attacks?

A. Healthcare organizations are more at risk for cyber threats for a number of reasons. One, their systems are typically outdated and slower, and less secure as a result. Additionally, the pandemic accelerated the digitization of the healthcare industry, and an estimated 93% of healthcare organizations experienced some sort of data breach over the past two years.

These rushed transformation processes and outdated systems, combined with less centralized workplaces due to remote and hybrid work, create a large amount of risk for attacks.

Another reason healthcare organizations are more vulnerable is because their data is extremely valuable to hackers. Medical records and billing info create a huge target on the back of healthcare systems. Stolen health records may sell [for] up to 10 times more than credit card information on the dark web.

Q. What steps can organizations take to protect themselves?

A. Communicating efficiently and securely to protect patient and company data should remain a top priority as healthcare organizations become more digital. When deploying new communication channels, both internally between employees and with patients and providers, encryption is key.

Not all encryption is the same, though. End-to-end encryption is the “gold standard” when it comes to safe communications, verifying that messages are protected through every step of the process.

It’s also important to educate employees on the dangers of phishing scams, as the majority of security breaches are a result of human error.

Q. On a related note, how can an organization be cognizant of protecting its communications with providers and patients?

A. Similarly to protecting themselves, healthcare organizations can protect their communications with providers and patients by modernizing communication channels and ensuring compliance. Regulations like the Health Insurance Portability and Accountability Act require healthcare organizations to follow specific (and stringent) standards for Protected Health Information, including sensitive patient information like medical histories and test results.

At the end of the day, the patient and their information are the priority and should be protected as such.

Q. What actions should the federal government be taking to address this threat?

A. The government should proactively implement safeguards to protect U.S. institutions from an inevitable cyber attack attempt.

One example is encouraging organizations to require Zero Trust Security and end-to-end encryption. The idea behind the Zero Trust Security model is to “never trust, always verify” to protect data and intellectual property most securely. All resources are continuously authenticated, verified and authorized.

As I mentioned earlier, with E2EE, data is encrypted on the sender’s system or device, and only the intended recipient is able to decrypt and read the message. Ensuring that business communication is locked down in this way applies zero trust principles to mobile messaging and collaboration. 

Q. You were director of the U.S. National Broadband Task Force under the Obama administration. How did that experience help shape your perspective on these issues?

A. During my time working on the Task Force, I saw in real-time the very serious threats that exist and saw how cyber-attacks affected other governments. For example, [bad actors linked to the] Russian government hacked the Ukrainian power grid, resulting in nationwide outages. Later, [they] installed malware on Ukraine’s accounting software, causing billions of dollars in damages.

Q. Do you have any predictions for the next few years in the cybersecurity sector?

A. I predict that cyber-attacks will become more technologically advanced, so our ability to protect organizations and governments will need to become more advanced alongside them. This is evidenced by skyrocketing cyberattacks, with 1,862 publicly reported breaches in the U.S. in 2021, up more than 68% from 2020.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.
