Healthcare Cybersecurity Strategy for 2016

In 2015 healthcare witnessed some of if not the largest security exploits in history.

99 million healthcare records were thought to be compromised through around 93 different attacks. Overall the industry costs for security breaches exceeded it seems $6 billion.

Moving forward in 2016: a lot of process change needs to happen.

This not only extends to best practices of network and enterprise security; but also common sense knowledge of how to mitigate social engineering and back door attacks.

Enabling multi-factor biometrics for secure and authorized authentication enables best practice to displace the legacy password model.

Even if you had the common access card with the magnetic strip or embedded chip today, how do you know that this is the person with authorized access?

The question for healthcare organizations moving forward is as follows: Will your cybersecurity strategy be able to thrwat dedicated and evolving threats from the edge, through the wireless space, to the back end?

Download Fireeye-top-trends-report-pharma

Password Challenges for Healthcare

The growth of the Electronic Healthcare Record has provided major advantages, opportunities, and some interesting challenges.

One item to point out is that clinicians and physicians went to school with the desire to take care of patients; not technology.

When they are burdened to spend time logging in with passwords it introduces some potential areas to look at.
Is the password truly unique and is it changed on a mandated basis? While two step authentication and tokens can be used....are these actually used?

However the most interesting situation to think about "Is that really the person that is authorized to have access to that persons Electronic Healthcare information?" Could somebody else have or being sharing their password to make work easier for all?

Another important area to look at is what happens if the logged in user gets distracted (for instance by a code, phone call, or has to consult with another person) and steps away from the session. Is a this session immediately logged out?

It appears that some EHR providers have instituted a time out of for example fifteen minutes, if a secure session is open and if there is no activity. How did someone come up with the idea of 15 minutes? While this on the surface seems like a good stop gap; it still provides an ability for any un-authorized person to have access to not only to the specific patient's files, but the enterprise at large. A back door it seems.

Finally some statistics point out that clinicians are often having to log in and log out sometimes up to 90 times per patient shift. So some could understand potential work arounds. However you would think technology could provide a better way and decrease time and potential security risks.

Why not look at using a leap forward technology platform that uses multi-factor biometrics in a secure fashion to authenticate the right user to the right application...while drastically decreasing the work load and the hassle factor for the clinician.

A proven novel idea...but now becoming a reality. www.blustor.co

Stay tuned for the next evolution.