One of the many permanent effects of the pandemic has been the shift to telehealth, telemedicine, and other connected technologies. This rapid pivot to digital service delivery for traditionally in-person services has expanded the threat landscape for cybercriminals, adding to the significant security headache with which hospitals and healthcare providers were already struggling. Let’s take a look at some of these security concerns, particularly for passwords, and what hospitals and healthcare providers can do.
Security Concerns in Healthcare
A recent report by the U.S. Department of Health and Human Services (HHS) found that the number of healthcare breaches in the first five months of 2022 nearly doubled from the same period last year. Ransomware is one of the growing threat vectors, with another study finding that 66 percent of healthcare organizations were hit by ransomware in 2021 compared to 34 percent in the prior year.
But, there are also numerous new security concerns emerging with the increased adoption of digital health technologies. For example, the “State of Healthcare IoT Device Security 2022” found the following:
- More than 50 percent of connected devices in the average hospital have critical security risks.
- Nearly 75 percent of IV pumps have vulnerabilities that could negatively impact patient health if exploited.
- Insecure passwords are the most common device risk.
In addition to these challenges, many healthcare organizations increasingly rely on mobile applications. These apps contain sensitive personal health details, representing yet another vulnerability that could lead to HIPAA breaches if not properly addressed. So, what’s the first step hospitals and healthcare providers can take to shore up these concerns?
Creating Stronger Passwords
As mentioned above, numerous security vulnerabilities hinge on insecure, weak, or compromised passwords. That’s why the right identity authentication security strategy is essential to preventing threats and ensuring that only authorized personnel have access to systems. This helps protect against ransomware, criminal hacking, phishing, and password-based attacks. Healthcare organizations can deploy the following steps to help create stronger passwords.
#1: Multi-Factor Authentication
Adopting additional authentication measures like adaptive authentication and biometrics adds more layers of protection, reducing the risks of a password attack.
#2: Threat Intelligence Tools
These tools can automatically detect and prevent the use of compromised credentials. They are automated, which reduces the pressure on the IT team while improving security. By checking for exposed passwords before they are activated and monitoring them continuously, the risk of exposed passwords being used is removed. This approach stops systems from being an easy target for password-based attacks.
#3: Focus on Exposure
End the cycle of password resets. Don’t waste time and resources resetting passwords when the crux of the problem is exposure.
#4: Educate Employees
Healthcare providers must continually educate employees on password best practices. This can help instill better security hygiene and discourage the use of weak passwords, password reuse, and password sharing. Another simple step to alleviate password problems is to make every employee use a password manager before accessing any systems.
Handling Cybersecurity Concerns
Connected health offers numerous benefits for patients and providers, but only if the latter gets a handle on the corresponding cybersecurity concerns. It’s critical that healthcare organizations tighten up security across the board but also not overlook the basics like identity access management and securing the password layer. The success with which the industry rapidly rolled out digital offerings in response to the pandemic is a testament to how efficiently healthcare organizations can act in the face of urgency. It’s imperative that they harness this same resolve to tighten up security, otherwise, they face a never-ending barrage of attacks.