According to recent research by Healthcare IT News and HIMSS Analytics, up to 75 percent of hospitals in the U.S. could have been hit by ransomware attacks in the past year, with over 50 percent saying that they have definitely been hit and 25 percent unsure or having no way of knowing. In most cases, ransomware gets into an organization as a result of a phishing or spear phishing attack in which a user clicks on a tainted link. On the plus side, however, 73 percent of hospitals have a continuity plan in place for addressing ransomware should they suffer an attack.

The healthcare sector is a particularly attractive target for hackers looking to make a fast buck through ransomware attacks. Patient records have a higher dollar or resale value than credit cards since so much information is attached to them, including Social Security numbers, full addresses and financial information. The amount of information contained in medical records can be used for a variety of purposes, including financial identity theft such as taking out loans in the victim’s name. Due to these ongoing threats, it’s clear that more user education and security awareness training is required in the healthcare sector.

Healthcare Security a Challenge

Security is a challenge in any healthcare environment, even in large facilities that have substantial budgets available. Not only do hospitals and other facilities amass massive volumes of data, but the urgent nature of medical care makes the sector a great target. In many cases, a doctor or nurse may just have five minutes to spend with a patient, and one minute spent logging into a system containing their medical records is too much. Additionally, some doctors may not necessarily be full-time employees of a particular hospital, dividing their time between different facilities. The trade-off between efficiency and security must be carefully managed when handling patient information. There are also stringent requirements for keeping patient information confidential in the U.S. in the form of HIPAA.

Because budgeting is an issue in many parts of the healthcare sector, the industry is generally very event-driven and more reactive than proactive. In a recent study by the Ponemon Institute, 65 percent of healthcare organizations stated that they had insufficient budget for their cybersecurity efforts to be effective. Many healthcare organizations report tight budgets overall. Just delivering quality medical care within tight budgets is a challenge, requiring a lean and mean operations infrastructure. Building out and managing such an infrastructure can be difficult and expensive, even when a facility has the resources available to do so.

Integrated Security Platforms Required

Healthcare organizations need to put in place a security model that meets the needs of the business, but that’s also simple and easy to use. Mobile devices are easily lost or stolen, and some mobile apps are known to contain data-stealing malware. This is a particular problem in the healthcare sector, where the depth and breadth of data collected on individuals is particularly valuable to attackers.

Your mobile security platform should not only meet those requirements but also integrate seamlessly with other security controls and provide defense-grade mobile security. Samsung Knox security controls include identity and authorization management, as well as encryption of all data on devices. If a device is lost, no one other than its owner is able to access the information it contains. Biometrics in the form of fingerprint recognition are built into devices, making authentication easier and faster for healthcare professionals and improving overall security.

With the healthcare industry and others being subjected to ransomware attacks, as well as other security issues, security cannot be left to chance. Patient records contain such detailed information that they are a treasure trove for attackers. The technology offered by Samsung will do much to ease security concerns, stave off attacks and enable healthcare professionals to concentrate on their core business of providing high-quality medical care.

Want to ensure more secure authentication in your healthcare organization? Check out these tips for secure authentication in healthcare.

Posts By

Sam Phillips

Vice President, CISO, Samsung Business Services
Sam Phillips is responsible for building security support services for large global customers. Prior to joining Samsung, Sam served in security leadership roles at BlackBerry, Bank of America and The Boeing Company. Sam holds a Bachelor of Science in Computer Science from Montana State University and a Master of Science in Information Systems Management from Seattle Pacific University. Follow him on Twitter: @sam_phillips_se
