Cybercrime that targets hospitals and other healthcare providers has continued to grow in frequency in 2021, but criminals have begun to shift the focus of their attacks, according to a new report on healthcare data breaches by Critical Insight. Instead of large corporate health organizations and hospitals, victims are increasingly smaller outpatient facilities and specialized clinics.
Business associates and third-party organizations that work in partnership with these smaller facilities have also drawn the attention of cybercriminals. Family clinics and other partner groups handle the same sensitive patient health and personal data as larger groups, but they generally don’t have the same level of cybersecurity resources as larger corporations do.
Data Breaches by the Numbers
Total data breaches in the healthcare sector have doubled since 2018, according to the findings of the Critical Insight report. Breaches resulting specifically from hacking or other cybersecurity incidents tripled over the same period. Moreover, 43% of all healthcare data breaches were the result of attacks targeting affiliated business organizations, not the healthcare providers themselves.
Critical Insight notes that third-party vendors or affiliated organizations, such as claims adjusters, cloud storage providers, and even communications firms, have all led to the leaking of sensitive healthcare information on millions of individuals. “As these and other third-party breaches continue to make the news, it demonstrates that attackers are paying more attention to this ecosystem of vendors as a vulnerable link in the cybersecurity chain.”
Data Security Requires a Plan
A recent survey by the TechTarget Network of the 10 biggest ransomware attacks of 2021 illustrates just how widespread cyberattacks are across sectors and industries. In addition to a ransomware attack on Ireland’s national health service, cybercriminals successfully targeted computer giant Acer, CNA Financial, and the Colonial Pipeline, which shut down operations across the southern and eastern U.S.
The Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security and the FBI have issued specific guidelines for protecting small businesses, corporations, and government agencies from ransomware attacks and the data breaches that often accompany them. The last two years have seen escalations in both the scope and sophistication of such threats.
A common thread among recommendations by public, private and corporate data security analysts is the development of a comprehensive and tested plan. Organizations of any size are advised to have an offline backup system in place to preserve a full and protected copy of business-critical data. They also should enact strict policy controls over how external USB storage devices are managed and used.
Comprehensive Data Security for Healthcare
SecureData has helped healthcare professionals better manage their data security for more than a decade. Our award-winning SecureDrive and SecureUSB external storage drives are FIPS-validated and hardware-encrypted for the highest levels of data security available. They fit seamlessly into even the most rigorous of USB policies.
IT administrators can choose between managed and unmanaged storage solutions, with authentication via on-board alphanumeric keypad and PIN (the KP product line) or with a secure mobile app and Bluetooth connection (the BT product line). Bluetooth-enabled devices also come remote-management ready for added layers of security.
With a Remote Management license, administrators have total control over where, when and how data is accessed on any SecureDrive BT and SecureUSB BT device deployed throughout an organization. Drives can be time- or geo-fenced, and data can be remotely wiped in case of the loss or theft of a drive.
SecureData also helps healthcare providers to harden endpoint security. USB ports are one of the most common pathways for malware to penetrate computer networks. Our SecureGuard DLP port blocker, which works in tandem with Remote Management, allows for the whitelisting and blacklisting of USB devices. It also limits computer access throughout an organization to only authorized devices.
SecureData is a trusted partner for healthcare providers. Our products and services have successfully been implemented at Western Reserve Hospital and Crystal Clinic Orthopaedic Center to help doctors and administrators better protect patient data at work and in transit. We also help organizations maintain strict compliance with all HIPAA regulations.
Call us now at 1-424-363-8535 to request a free demonstration of our SecureDrive and SecureUSB devices, or to speak to one of our data security specialists about how to better protect your patient data from breaches and unauthorized access.