Last week, PAN Vice President Dan Martin wrote about trends at leading healthcare event HIMSS, which takes place this year the same week as the premier security industry event RSA Conference. We anticipate a lot of similarities in the themes discussed at both events, as healthcare security continues to be an increasingly hot topic. Here are the top healthcare security trends we are looking at as RSA approaches.
Internet of Things
In a pre-RSA Conference blog post last year, we wrote about the emergence of new concerns around the security of Internet-connected medical devices – for example, security expert and diabetic Jay Radcliffe hacking into his own insulin pump, and the fictional hacking of the Vice President’s pacemaker on the TV show Homeland. In August 2015, these threats became all too real when the U.S. Food and Drug Administration called for hospitals to discontinue use of infusion pumps due to security vulnerabilities.
Back in November, I wrote that IoT will pose a challenge to organizations as they deal with security concerns. As more and more hospital devices are connected to the Internet, concern that these devices could be hacked will only increase. According to PwC’s Health Research Institute’s 2015 consumer survey, consumers are especially concerned about the vulnerability of connected medical devices to security breaches and cyber attacks. At RSA Conference, Forrester Analyst Christopher Sherman will dive into these issues in a session titled “Separating Fact From Fiction: The Real Risks Within Medical Device.”
Concerns over the security of patient data are only increasing as well. The recent Shadow Data Report from Elastica, a Blue Coat Company (Blue Coat is a PAN client), found that Protected Health Information (PHI) accounts for 52 percent of all sensitive documents in the healthcare and pharmaceutical industries. Alarmingly, leakage of PHI documents is potentially more devastating than the leakage of Personally Identifiable Information (PII) or Payment Card Information (PCI) data, as it often includes a richer source of data that can be exploited for phishing and other social engineering attacks.
According to Healthcare Informatics, healthcare hacks accounted for the most breaches in the first half of 2015, and Healthcare IT News reported that of the seven largest breaches in the last year, three impacted companies in the healthcare industry, most notably Anthem, which was the largest healthcare data breach ever. These breaches can have dire effects on consumers whose personal information is leaked, and also on the organization. The PwC research found that organizations are often unprepared to deal with these breaches, and can face lawsuits and harm to their reputations as a result.
We’re in the midst of preparing for RSA Conference, and working with our clients to break through the noise of this busy event (for more insights, check out our recent post about top PR strategies for RSA here). As we do so, we are keeping a close eye on the latest industry trends in the fast-evolving healthcare security space.