Addressing Healthcare’s IT Security Oversight Challenges

by Sean Nobles, President, NaviSec 12/19/2019


Data theft within the healthcare sector continues to skyrocket, led by third-party data breaches and phishing attacks. Halfway through 2019, the number of patient records breached already exceeds the 2018 number by more than 10 million. Perhaps most concerning, many of the breaches lasted weeks or months before they were discovered. 

Many health executives lack direct technology experience relevant to the healthcare industry, according to a Black Book Research survey of 308 executives. In fact, the survey found that many do not have a thorough understanding of the challenges and risks associated with security breaches or the far-reaching impacts of a large-scale breach. 

In the face of this daunting problem, many healthcare professionals adopt a one-at-a-time approach to addressing security challenges. When a problem arises, companies hire IT consultants to address the breach and safeguard the system before returning to business as usual. Because these consultants take a narrow approach to cybersecurity, they often lack a thorough understanding of the unique vulnerabilities facing a particular healthcare system. Unlike dedicated IT professionals, consultants typically lack the broad-scale organizational knowledge needed to detect gaps in security and address cybersecurity threats on an ongoing basis.

Moving forward, the healthcare sector must mature its approach to security in order to keep pace with hackers. Dedicating the needed financial resources is an important first step, but it won’t be enough as wrong-doers are increasingly adept at exploiting gaps in protection. Consider that a shocking 31 million patient records were breached in the first half of 2019, more than doubling the total for the entirety of 2018. 

The reality is that many cybersecurity experts believe breaches are a foregone conclusion for most healthcare organizations, and the C-suite should prepare accordingly by addressing the most common gaps, including:

Phishing scams: Exploiting unsuspecting employees

Phishing scams rely on email communications that seek to gather personal user information, gather valuable credentials or direct users to malicious websites. A single user who falls for the scam can put an entire organization at risk, which places humans in a contradictory position: they can be the weakest link in the system or the greatest security tool in the arsenal. 

Phishing scams have become quite elaborate, making it difficult for employees to detect dangerous requests. To combat the problem, healthcare organizations must continually educate their employees about the newest developments, understanding that a one-off effort to train employees will never be sufficient. 

Third-party risk: The need for greater oversight

Healthcare organizations interact with countless third-party vendors, each of which represents another point of vulnerability for patient data. When a client, vendor, or consultant for an organization suffers a breach of its own, data belonging to the connected entities are also exposed. Statistics suggest that when Target suffered a major data breach in 2013, this kind of attack — compromising a single vendor in order to gain access to a larger company — increased in frequency. 

A 2019 study reports that 56 percent of healthcare organizations have experienced a security breach as a result of a third-party vendor. In the same study, about 80 percent of respondents indicated the need to assess vendor risk, while only 36 percent believed their companies were successfully doing it. 

Awareness offers the best possible safeguard against this kind of breach. In the case of the Target attack, the company’s HVAC vendor had access to more information than it required. Begin by assessing which vendors are mission-critical to your process, and then assess what kind of data each is handling. Organizations that have a clear picture of vendor involvement will be better positioned to address risks and protect against attacks.

Internet of Health Things: Expanding threats

Internet of Health Things (IoHT) allows healthcare professionals to connect ordinary devices like wearables to the internet for purposes of collecting data, gaining insights into trends, enabling remote care, and empowering patients to manage their own health. Devices like continuous glucose monitors, smart inhalers, and even ingestible sensors allow providers to monitor patient care virtually through the use of internet connectivity. 

The challenge, of course, is the threat to privacy and security posed by these kinds of devices. In one widely known security breach, a flaw in implanted pacemakers allowed affected devices to have their batteries drained by remote attackers.

Because the growing number of devices increases the surface area susceptible to attacks, organizations must build powerful partnerships that help them identify effective solutions. They must engage with organizations that can help them understand where data will be stored, how those devices will connect to the network and who will have access to the data. 

Moving toward optimal oversight

The Black Book survey reported that 88 percent of respondents had no knowledge of healthcare cybersecurity risks, and none were prepared to handle a large-scale breach. It’s notable that although companies report dedicating more resources to cybersecurity, many of those same organizations acknowledge that they won’t know how to respond when an actual breach happens. 

Protection begins with healthcare executives who must understand the importance of cybersecurity. A 2016 Ponemon study reported a healthcare data breach can cost about $1,000 per stolen record as a result of regulatory fines, customer notification costs, business downtime, and customer turnover. 

One-size-fits-all solutions won’t protect from data breaches because the gaps in each organization vary according to a number of factors. Companies that seek right-sized solutions will better address their specific challenges without paying for protections they don’t require. 

About Sean Nobles

Sean Nobles is president of NaviSec, a veteran-owned IT security firm. He holds OSCP, NSE4 and CCNP certifications in network security and has spent more than 20 years in the service provider, military, financial services, value-added reseller and call center industries. He is a combat veteran of the U.S. Marine Corps. 

Copyright © 2025. HIT Consultant Media. All Rights Reserved.