Holistic Cybersecurity

The healthcare industry deals with some of the most valuable personal data and current efforts to safeguard sensitive data are falling short. Courtesy of BigStock.com

Holistic Cybersecurity a Must for the Healthcare Industry

Insecurity is compounded by the fragmented and outsourced nature of U.S. healthcare

Recently it was reported that a billion medical images, including personally identifying information (PII), are exposed online and medical professionals are ignoring warnings. Discovered by German cybersecurity firm Greenbone Networks, the exposure follows a similar report in September 2019 that detailed 24 million medical records on 590 online medical image archive systems. Two months later, the firm detailed the number of exposed servers had increased by more than half, to 35 million patient exams, exposing 1.19 billion scans and representing an egregious violation of patient privacy.

Unfortunately, most of the medical world thinks it exists in its own private cloud, which is precariously unrealistic. Most medical professionals don’t usually understand that a large part of their information is globally accessible.

Cybersecurity Takes a Back Seat

Medical companies often manage security compliance as a subset of medical compliance, and therefore cybersecurity takes a back seat. This insecurity is compounded by the highly fragmented and outsourced nature of the U.S. healthcare landscape. The need for multiple parties to have prompt access to all medical data ensures that convenient access takes precedence over basic authentication and authorization security.

What’s at stake? To start, personally identifiable information (PII), including billing details, as well as lab results, diagnoses, and hospitalization records. It’s no wonder healthcare tops the charts every year as the number one at-risk sector for cyber-criminals.

Healthcare Industry Data at Risk

The healthcare industry deals with some of the most valuable personal data and current efforts to safeguard sensitive data are falling short. As recently as October 2019, a hack of medical testing company LifeLabs exposed the sensitive personal information of an estimated 15 million Canadians, the largest breach of its kind ever reported in the country.

And the bad actors are using a variety of means to get that valuable data.

The medical industry was the first to be phished, over 20 years ago, and it still leads the way in data incontinence.

Ninety-seven percent of successful attacks across all industries involve some form of social engineering, and over 90 percent start with a phishing email. The more that we can train people to be security-aware, the less successful hackers will be.

When I demonstrate spoofing emails, around 10 percent of them get straight through to the prospect after mfa information they always assure me that they have perfect defenses. This is especially so in industries like healthcare and government, which explains why ransomware is so effective in crippling these critical organizations.

Ransomware attacks can wipe out entire systems in minutes, and healthcare decision-makers have grown increasingly comfortable paying the ransom for these types of attacks. It’s prudent that organizations, no matter what their size, have a recovery plan and know what to do when they are hit. It doesn’t take a brain surgeon to recognize that planning in advance is better than making it up on the fly when you have no phones, no email, and no data.

Up to 30 percent of untrained staff are highly susceptible to the attacks that do succeed. Just like technical defenses, staff can be ‘patched’ to reduce their vulnerabilities to phishing attacks, by training them in a holistic, integrated way—treating people and systems as parts of the whole.

New Approach Needed

This kind of holistic approach to cybersecurity is essential—deploy technical defenses and ‘patch’ your staff to significantly protect assets through defense in depth.

Another major cause of data breaches in the healthcare industry results from third-party vulnerabilities. Outsourcing billing, for example, to third-party vendors is a great way to extract efficiencies by reducing core costs, but it exposes the business and its customers to uncontrollable security risks.

Recently Google and Ascension announced a massive initiative to aggregate the data of roughly 50 million patients and store it on the cloud. Ascension runs the largest non-profit health system in the U.S., and the second-largest health system in the U.S. Dubbed Project Nightingale, the partnership allows Google to collect troves of sensitive information from Ascension’s roughly 2,600 hospitals, doctors’ offices and care facilities.

I call it “Project Nightmare.”

The companies say it will improve patient care and administration, but neither patients nor doctors had previously been notified of this data-sharing arrangement. Under the terms of HIPAA, Google and Ascension were not required to disclose the third-party data-sharing arrangement to patients, because the purpose of collecting the data was to help the health care provider better execute its healthcare functions.

To address privacy concerns, the companies stated in their joint release that Project Nightingale would be “HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling.” But how can Ascension ensure that people employed by a third party that is built on exploiting personal data will adhere to Ascension’s data policies?

At this rate data breach insurance premiums will rival medical malpractice premiums – all costs being borne by paying patients eventually.

About the Author: Colin Bastable is the CEO of LUCY Security’s USA operations. Colin has been building and leading global IT security businesses for over 20 years, with expertise in startups, re-boots and turnarounds in the cyber-security space. He was part of the European management team at McAfee during their early growth to market dominance. Bastable built and led the global sales team at nCipher (bought and spun off by Thales) and was a key member of the team that took nCipher public on the London Stock Exchange, and he co-founded and led innovative MFA business Mi-Token Inc.

Category: Blog | By admin | April 1, 2020