Healthcare Ranks Last in Cybersecurity
By Bryan O’Neal, Healthcare Technology Consultant
“Healthcare ranks last in cybersecurity.”
That’s a tough pill to swallow, isn’t it? However, according to an analysis published last month by security rankings provider, BitSight Technologies, it’s true. Healthcare and pharmaceuticals ranks lowest of the four major industries in the United States. That’s lower than retail, utilities or finance. Ouch.
The report measured security performance from April 2013 through May 2014. Healthcare experienced the longest average event duration, at 5.3 days per security incident. Our industry also saw the largest percentage of security incidents over the one year time period.
With a host of valuable information, such as patient identities, credit cards, and insurance information, healthcare IT networks are a prime target for hackers. This isn’t just about compliance anymore. Today, it can be assumed your network is or will be comprised. While we should still try to prevent this from happening, it’s now more important to be able to detect and respond to these threats.
How are businesses in other industries managing their risk? They start with an assessment of their firewall traffic. In most cases, the highest percentage of threats to your data pass through your firewall. Starting with a basic assessment will provide you the insight needed to see the threats you have now. The report should include the following:
1.) Identify current vulnerabilities
2.) List high-risk applications and protocols
3.) Present traffic distribution statistics by geographic location, URL category and traffic type
4.) Highlight the top 20 high-risk applications found
5.) Highlight the top 20 high-bandwidth applications found
Don’t wait until your practice has become a victim. Your patients, your business and your reputation are at risk. It’s time for healthcare to improve its cybersecurity standings.
Bryan O’Neal is a healthcare technology consultant at Golden West Technologies in Rapid City. To request a copy of the BitSight analysis, contact him at firstname.lastname@example.org.