Preparing for tomorrow’s security threats today

The latest Threat Horizon report, published annually by non-profit organization the Information Security Forum (ISF), has identified a number of security concerns that it predicts will become more prominent over the next few years. Within this report, ISF has highlighted three key trends that organizations need to be aware of: Disruption, distortion, and deterioration.

In this article, we’ll be taking a closer a closer look at each of these trends, and how healthcare organizations can safeguard themselves against the associated security threats.

Theme one: Disruption
Disruption covers a number of areas, including deliberate internet outages, ransomware becoming an increased threat due to the Internet of Things (IoT), and direct threats being made against high profile employees in an attempt to force them into divulging sensitive information.

How can healthcare organizations safeguard themselves against these threats?

Internet outages – whether deliberate or not – are difficult to predict, and can bring an entire organization to its knees. It is therefore crucial for healthcare organizations to have backup communication systems in place, that do not rely on having an Internet connection to be able to exchange information securely.

ansomware is not a new threat, but as more connected devices and health apps make it to market, more vulnerabilities are opened up. For healthcare organizations that supply patients with health trackers to monitor their condition which share PHI, it is crucial that the devices supplied have comprehensive security features built in to minimize the risk of this type of cyber attack occurring.

Finally, if there is a risk of staff being threatened directly, perhaps even physically by criminals looking to obtain sensitive data, organizations need to invest in special measures to protect individuals with privileged access, as well as monitoring who has access to critical assets to ensure that any breaches can be quickly traced.

Theme two: Distortion
The ISF believes that by 2018, attackers will begin to falsify or distort internal information in the hope of damaging the targets’ reputation or operational effectiveness. This could be hugely damaging for healthcare organizations, who are subject to substantial fines for data breaches.

How can healthcare organizations safeguard themselves against these threats?

Healthcare organizations should be aware of the potential for fake news stories to be circulated and should therefore monitor mentions of their business online, with a PR and contingency plan in place to react promptly to false claims.

Theme three: Deterioration
HIPAA not keeping pace with technology has already resulted in issues for the healthcare industry, as standards around encryption and storage of PHI can be difficult to interpret. With BYOD and new apps and wearables becoming commonplace, it is increasingly difficult to keep track of all entities and devices that access the data held by organizations, leaving them vulnerable to breaches.

In addition, the ISF predicts that further advances in technologies and the conflicting demands posed by heightened national security and individual privacy may impede an organization’s ability to manage its own information effectively.

How can healthcare organizations safeguard themselves against these threats?
Prevention is better than cure, so healthcare organizations need to perform regular audits on their technologies and business associates to guard against breaches caused by outdated security safeguards. By adhering to the standards outlined in the HIPAA rules, relating to technical, administrative, and physical safeguards, and developing a future-proof strategy to protect PHI with a focus on emerging technologies, healthcare organizations will be in a good position to stay one step ahead of regulations, and new types of cyber attack.