
What are the challenges facing the health sector regarding patient data security?

Protecting your patient data is increasingly complex with threats of cyber-attacks and data breaches coming from both inside and outside your practice.

CS Identity, a data breach remediation company, compiled a list of the five industries that cybercriminals targeted most often, and health care tops the list:

  • Health care: 43%
  • Business: 33%
  • Government: 12%
  • Education: 7%
  • Financial: 6%


The cost of breaches is substantial. A study conducted by IBM and the Ponemon Institute found the average cost per record breached is roughly US$158 ($AUD238) — but in the health care sector, this can run up to as high as $355 ($AUD519) per record.


In February, The Age revealed that a cybercrime syndicate hacked and scrambled the medical files of about 15,000 patients of a specialist cardiology unit at Cabrini Hospital and demanded a ransom to unscramble the files.

A subsequent Victorian Auditor-General report warned there were serious weaknesses in the cybersecurity of some of Victoria's health databases.

Yet six months later, computer networks in seven Victorian regional hospitals suffered a widespread ransomware attack that shut booking systems, delayed surgeries and sparked fears over patient information security.

Staff were forced to revert to manual bookings and records.

Why health care is vulnerable

Rich data environment

  • Patient records are incredibly valuable and organisations cannot afford to lose them


  • Cost-cutting measures have left many healthcare institutions relying on legacy hardware, software or operating systems with unpatched vulnerabilities ripe for exploitation

Transitioning to digital

  • The healthcare industry is still transitioning from paper to digital records, leaving gaps that can be exploited

Low awareness of data security

  • Staff awareness of data security is low, making techniques like phishing effective (using emails designed to trick people into providing sensitive information)


Data breaches are not always intentional. In fact, human error is the most common problem for health care organisations:

Human errors

  • Staff accidentally send proprietary data to the wrong person, upload it to public shares or misconfigure servers where it is stored


  • Hackers use malware, phishing, social engineering, skimming and related techniques to gain access to protected information
  • Employee mistakes lead to data leaks seven times more often than in other industries at risk of cyber-attacks
  • 60% of the 4856 personal data breaches reported to the ICO in the first half of 2019 were the result of human error

Theft or loss of devices

  • Laptops, smartphones, thumb drives and other data storage media can be lost, stolen or disposed of improperly.

Employee data theft or data leak

  • Employees might deliberately access protected information without authorisation and with malicious intent. 28% of breaches involve insiders, according to a Verizon report.


Health care organisations must take a proactive approach to data security.

Don’t try to go it alone. Seek solutions that can help automate as many tasks as possible so you and your team can focus on your patients.

A good starting point is to consult the ASD Essential Eight Maturity Model, which outlines fundamental security practices such as regular patching to minimise cyber risk.

In the document management and printing space, Canon has partnered with McAfee to boost data security. We now bundle McAfee Embedded Control with the entire family of imageRUNNER ADVANCE Gen III Series III multifunction devices. This secure solution provides signatureless protection against zero-day and advanced persistent threat attacks. It uses intelligent whitelisting to block execution of unauthorised applications.

Contact Canon to find out how we can help secure your information.
