According to the HIPAA Journal’s Analysis of 2018 Healthcare Data Breaches, this past year had the highest number of healthcare breaches 1. Based on their analysis, “2018 was the worst year in terms of the number of breaches experienced, but the fourth worst in terms of the number of healthcare records exposed.”
How can you stay ahead of this trend? I’m hosting a talk about cybersecurity practices at HIMSS19, so I’d like to share a few of them here.
To begin, most forced entries for ransomware and other breaches originate from obscure sources that could be detected and avoided with the right visibility, monitoring and threat responses.
Most commonly used healthcare security frameworks, such as NIST, HITRUST and Critical Security Controls, list visibility as a foundational step of a good security practice. In healthcare scenarios where there is a mixture of IT, Internet of Things (IoT) and medical devices, it isn’t always easy to gain visibility of all the IP-connected devices. Understanding what devices are on the network and their security posture, then continuing to monitor those devices, is crucial to determining what is normal traffic and what needs further attention.
Once you have the device or asset inventory, the next step is to build policies based on the asset intelligence you’ve collected. Policies are key to helping ease your HIPAA compliance efforts because they automate the process and save hours of manual effort. For example, HIPAA requires access control, which uses policies to enforce who has the authority to access the device and how the device can be used on the network. Whether trying to maintain compliance for HIPAA in the U.S., or NIS for the UK or Europe, one of the best ways to automate your regulatory compliance is to leverage your policies to enforce key actions.
These are just a few steps from the security best practices, but sometimes focusing on the basics yields the best results. While we all have the best intentions, it can be difficult to prioritize the basic cybersecurity practices that can make the difference between staying safe and suffering an intrusion. These steps should help move you in the right direction toward regulatory compliance.
Want to learn more? Visit Forescout at Booth #400-65 in the Cybersecurity Command Center at HIMSS19 in Orlando or watch my presentation, “Cybersecurity Resolutions: 3 You Can Achieve” at the Cybersecurity Command Center Theatre, Tuesday, February 12th @ 2:45 p.m.
1 Analysis of 2018 Healthcare Data Breaches: https://www.hipaajournal.com/analysis-of-healthcare-data-breaches/
2 Consequences for HIPAA Violations: https://www.hipaaone.com/consequences-hipaa-violations/