Information security healthcare- Healthcare Delivery Organizations (HDOs) are prime targets in cyberattacks.
For instance, in the first half of 2020 alone, up to 41 providers had ransomware attacks. To continually provide patient care, HDOs most likely pay ransoms.
Besides, the industry has a low tolerance for downtime. Which also makes maintaining information security more challenging for the healthcare industry.
However, this is not the only challenge the healthcare industry faces in maintaining information security.
In this post, we will be listing five information security healthcare challenges that HDOs face.
Information Security Healthcare: Challenges
1. Outdated Windows Operating System Versions
Forescout, for instance, reports that there is a reduction in the HDOs percentage of devices running OS supported with the paid ESU program. The report says that it reduced from 71% to 32% during 2019 and 2020, respectively.
On the other hand, the percentage of devices running with unsupported Windows versions remains consistent at 0.4%. Namely, the older versions, like Windows XP and Windows Server 2003.
Perhaps 0.4% is only a tiny percentage, but these devices are the most vulnerable in an HDO. Because the older the operation system, the higher the risks of vulnerability. This legacy problem is causing harm in terms of information security.
2. Network Segments Creates More Vulnerabilities
Forescout has another observation in HDOs network segments.
For example, most Virtual Local Area Networks (VLANs) in HDOs contain at least one healthcare device. At the same time, up to 60% have other non-healthcare IoT devices. That is running in the same network segment.
Another instance is that 90% of the HDOs VLANs mix both healthcare and non-healthcare or IT devices. Computers and printers are together with X-ray machines and patient monitors, for example.
Why is this crucial?
Because when you mix devices in the same segment, a vulnerable device can compromise other sensitive devices running in the same network.
Not to mention the personal devices of employees running along with HDOs sensitive healthcare equipment.
Perhaps personal devices contain malware or are more susceptible to it. Then, it can infect other devices, healthcare devices, that are in the same network.
Thus, making HDOs more prone to threats and attacks.
3. Devices with Default Passwords
Usually, in HDOs, healthcare equipment has default credentials. For example, patient monitors, CT scanners, and other IT and IoT equipment.
Thus, making these devices entry points of possible attacks.
4. External Communications
HDOs also exchange medical information in clear text between public and private IP addresses. As a result, this can easily leak sensitive patient data—for example, patient’s names, addresses, family information, allergies, and test results.
If this way of communication continues, it may result in more compromises for the network. It is perhaps making them serve as potential entry points of attacks.
5. Insecure Protocols
Insecure versions of Transport Layer Security (TLS) are still in use in today’s HDOs. Both externally and internally.
Examples of older versions are SSLv3, TLSv1.0, and TLSv1.1. In contrast, the latest version secures higher-level of protocols, such as HTTPS.