Hacks and breaches in the healthcare industry are likely to get worse in 2016 unless organizations shore up security, educate mHealth users about privacy and invest in the security of the tools.
The gloomy data security outlook reflects the growing value proposition of protected health information (PHI) and the fact that healthcare records boast longer shelf lives than financial data. That aspect gives bad guys more time to devise sophisticated attacks, Chris Bowen, chief privacy and security officer and founder of security firm ClearDATA, told HealthcareInfoSecurity.com.
"It's allowing bad guys to be persistent," said Bowen, who added that top data vulnerabilities are a mix of social engineering weaknesses, such as email phishing attempts, and a lack of strong encryption when it comes to mobile devices, servers and desktops.
Data risk and threats are tied to employees not adhering to policies, poor patching, misconfiguration of servers, erroneous public posting of data and security testing efforts using live PHI data, Bowen said. In many cases, a healthcare security breach also goes unnoticed and undetected for nearly a year. He believes healthcare IT divisions are often burdened with too many mandates and are too busy to remediate known issues and weak spots.
In addition to security worries at hospitals and health systems, consumers also have to be aware of breaches of personal fitness devices, which pose a "whole different level of security and privacy concern," Stephen Cobb, senior security researcher at ESET, said recently.
There is some work being done to improve mHealth security. The Massachusetts Institute of Technology, via its nonprofit health tech start-up, will begin issuing reviews of connected medical devices, mHealth services and apps researched by Harvard University physicians and experts from MIT's Hacking Medicine Institute. And a $10 million National Science Foundation research project aims to shore up patient data security and user confidentiality when it comes to mobile health tools.
For more information:
- listen to the interview