Every situation brings in a set of advantages and disadvantages along with itself. Telehealth and IoT are driving a new dimension data security requirement which has certainly made healthcare much more accessible throughout the pandemic. However, it has caused a threat to the security of patient data across application security, endpoint security, IP reputation, patching cadence and overall network security.
In 2018, 56% of surveyed healthcare providers had 3rd party breaches by one or more 3rd party vendors within the last 2 years. – Ponemon Institute
WHAT ARE THE COMMON CAUSES OF HEALTHCARE DATA BREACHES?
● PHISHING
Hacking and other IT incidents dominated the breach reports in July and September of 2020. There were 4 breaches categorized as theft involving the PHI/ePHI of 83,306 individuals. Phishing attacks usually dominate the healthcare breach reports and while email-related breaches are the most common type of breach, network server breaches aren’t far away, most commonly involving the use of Malware or Ransomware.
● RANSOMWARE
The increase in ransomware is certainly a cause of concern, especially considering the rise in human-operated ransomware attacks that involve the theft of patient data prior to file encryption. These attacks see patient data exposed or sold if the ransom is not paid, but there is no guarantee that stolen data will be retrieved even if the ransom is paid. Many of the recent ransomware attacks have involved the exploitation of vulnerabilities, even though patches to address the flaws are released several weeks or months prior to the attacks. Brute force tactics continue to be used on RDP, so it is essential for storing passwords to be set. Human operated ransomware attacks often see attackers gain access to healthcare networks weeks before ransomware is deployed. By monitoring networks and event logs for anomalous user behavior, it may be possible to detect and block an attack before ransomware is deployed.
HOW TO ENSURE DATA SECURITY?
NIST
CompCiti recommends following the NIST Framework for implementing Cybersecurity measures. These five Functions are recommended because they represent the five primary pillars for a successful and holistic cybersecurity program. They aid organizations in easily expressing their management of cybersecurity risk at a high level and enabling risk management decisions.
The five domains are as follows:
- IDENTITY
- PROTECT
- DETECT
- RESPOND
- RECOVER
CIA TRIAD
In the Information Security (InfoSec) community, “CIA” has nothing to do with a certain well-recognized US intelligence agency. These three letters stand for Confidentiality, Integrity, and Availability, otherwise known as the CIA triad.
Together, these three principles form the cornerstone of any organization’s security infrastructure; in fact, they (should) function as goals and objectives for every security program. The CIA triad is so foundational to information security that anytime data is leaked, a system is attacked, a user takes a Phishing bait, an account is hijacked, a website is maliciously taken down, or any number of other security incidents occur, you can be certain that one or more of these principles has been violated. Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the confidentiality, integrity, and availability of an organization’s assets—namely, its data, applications, and critical systems. Based on that evaluation, the security team implements a set of security controls to reduce risk within their environment. In the next section, we’ll provide precise and detailed explanations of these principles in the context of InfoSec, and then look at real-world applications of these principles.
CONFIDENTIALITY
Confidentiality or privacy refers to measures taken to guarantee that data — particularly sensitive data — is protected from unauthorized access. In the age of GDPR, privacy is required to be a basic design consideration. The level of confidentiality can vary based on the data type and/or regulation. For example, as per regulations like the GDPR, protecting customer data would mean going beyond mere authorized access, to piecemeal access only if the application absolutely requires it.
INTEGRITY
Integrity pertains to safeguarding the accuracy of data as it moves through your workflows. It not only includes protecting data from unauthorized deletion or modification but also should contain measures to quickly reverse the damage if a breach were to occur.
AVAILABILITY
Availability, quite simply, means providing seamless, uninterrupted access to your users. This entails robust server and network infrastructure and high-availability mechanisms built into system design.
CIA TRIAD: IMPLEMENTATION BEST PRACTICES
Here are some best practices for implementing the CIA Triad of confidentiality, integrity, and availability.
PUTTING CONFIDENTIALITY INTO PRACTICE
- Categorize data and assets being handled based on their privacy requirements.
- Require data encryption and two-factor authentication to be basic security hygiene.
- Ensure that access control lists, file permissions and white lists are monitored and updated regularly.
- Train employees about privacy considerations both at a generic org-wide level, and as per the nature of their role.
SCOPING INTEGRITY
- Review all data processing, transfer and storage mechanisms.
- Version control, data logs, granular access control, and checksums can be useful to enforce integrity. Hash functions can further prevent data corruption.
- Understand your organization’s compliance and regulatory requirements. For instance, GDPR permits data transfers to vendors in non-EU countries or other organizations, only if “adequate levels of protection” and “legal safeguards” are in place.
- Invest in a dependable backup and recovery solution; one that assures business continuity and quick data recovery in the event of a security or data breach.
ENSURING AVAILABILITY
- Build preventive measures such as redundancy, failover, and Redundant Array of Independent Disks (RAID) into system design. Make security audits routine. Auto-update or stay abreast of system, network, and application updates.
- Utilize detection tools such as network/server monitoring software and anti-virus solutions.
- Know that even highly-secure SaaS platforms and applications can experience downtime. Reliable cloud-based data backup ensures that all data can be accurately recovered in minutes.
- Develop a Data Recovery and Business Continuity plan with detailed corrective measures in the event of data loss, including timely communication with customers.
