Technological developments and innovations have improved the quality of life and compelled most organizations to integrate their management practices with information systems. Healthcare systems are a prime example of institutions that have embraced this shift, hoping to improve the quality of the services they provide to their patients. However, studies have shown that the transition has not been entirely secure. The changing nature of cyber-attacks requires healthcare organizations to have comprehensive knowledge of the proven measures they can implement to protect their networks, computer devices and data.
Privilege abuse, stolen assets and miscellaneous errors are the top three categories of incidents that affect healthcare systems. Security vulnerabilities leave these areas susceptible to risk for various reasons. For instance, most hospitals lack risk mitigation measures. In the case of privilege abuse, unauthorized parties are likely to gain access to network systems or computer devices because those systems are not protected by password authentication. The few hospitals that do use password authentication often do not follow proper password creation procedures. Besides using weak passwords composed of letters or numbers only, these hospitals do not appreciate the need to change passwords frequently to reduce the possibility of security breaches. In the case of stolen assets, it is unfortunate that a majority of hospital managements do not see the sense in setting up physical security measures.
The few healthcare institutions that have physical security either employ incompetent security personnel or have too few security personnel to guarantee the safety of the entire hospital. Hospitals are also susceptible to privilege abuse because a majority of them do not have proper data security procedures. That means that people who are not authorized to access critical systems such as database systems can exceed their legitimate privileges and manipulate data that belongs to the healthcare institution. In addition, most healthcare setups are susceptible to miscellaneous errors because of open networks or networks that have holes. This vulnerability makes it easier for hackers and other unauthorized persons to access the network and implant malware that can manipulate data, leading to miscellaneous errors.
A number of recent breaches illustrate the implications of a security breach. For instance, a study conducted by Verizon noted that approximately 32% of all security incidents encountered in healthcare setups involve stolen assets. That means that devices such as mobile phones, laptops, tablets and even flash drives are either misplaced or stolen. The statistic is worrying, bearing in mind that important information and data could be lost with the devices. To make matters worse, the cost of replacing these devices is high, causing financial inconvenience to the affected individuals. As illustrated in one article in HealthIT Security, a laptop belonging to the Children’s Hospital Los Angeles was stolen from a vehicle last year. The theft was a major blow to the hospital’s management because the laptop held information belonging to about 3,600 patients.
Another study conducted by Verizon showed that healthcare is one of the sectors that are more vulnerable to insider abuse. The common forms of privilege abuse experienced in hospital setups are malicious activity and negligence. In the malicious form, unauthorized individuals take advantage of network holes and unsecured networks to engage in malicious activities. Some of them implant malware and even worms in the networks, leading to manipulation of data. Negligence is the other form of privilege abuse, where individuals who have authority over the information systems of their hospitals neglect the existing security vulnerabilities, providing a convenient platform for hackers and other unauthorized persons to gain access to network systems and databases. The problem of negligence has also been associated with network administrators doing very little to set up risk mitigation measures that minimize the chances of suffering a security breach.
Similar studies conducted by Verizon also showed that approximately 18% of the security incidents that occurred in hospitals were miscellaneous errors. Many hospitals have accidentally printed or published information belonging to patients and sent it to the wrong addresses or patients. In one of the most recent incidents, which is believed to have taken place on August 24, 2012, an employee of County Health Department accidentally sent all the institution’s work emails to a personal Google email account. The information that was forwarded included patient information.
Considering the above risks, healthcare systems should ensure that proper risk mitigation measures are in place to prevent incidents related to privilege abuse, stolen assets and miscellaneous errors. For instance, physical security should be put in place to ensure that people who enter and leave hospital premises are inspected accordingly to prevent loss of assets. Hospitals should also consider storing their devices in lockable rooms to prevent theft. Hospitals should also hire qualified security professionals who can deal with security vulnerabilities as they arise in the network systems. Strong passwords should also be used to secure networks and databases to reduce the possibility of a security breach.
- Bagwell, Michael A. “Organizational Decisions about Cyber Security in Small to Mid-Sized Businesses: A Qualitative Study.” PhD diss., Northcentral University, 2016.
- Bentz Jr, Thomas H. “Is Your Cyber Liability Insurance Any Good? A Guide for Banks to Evaluate Their Cyber Liability Insurance Coverage.” NC Banking Inst. 21 (2017): 39-501.
- Chou, James C. “Cybersecurity, Identity Theft, and Standing Law: A Framework for Data Breaches Using Substantial Risk in a Post-Clapper World.” (2016).
- Kansteiner, Michael J. “Mitigating risk to DOD information networks by improving network security in third-party information networks.” PhD diss., Monterey, California: Naval Postgraduate School, 2016.
- Verizon. “2016 Data Breach Investigations Report: 89% of breaches had a financial or espionage motive.” (2016).