小程序
传感搜
传感圈

Addressing Security & Creating Stronger Passwords in Healthcare

iotforall
2022-10-05
关注

How the Healthcare Sector Can Immunize itself from Hackers
Illustration: © IoT For All

One of the many permanent effects of the pandemic has been the shift to telehealth, telemedicine, and other connected technologies. This rapid pivot to digital service delivery for traditionally in-person services has expanded the threat landscape for cybercriminals, adding to the significant security headache with which hospitals and healthcare providers were already struggling. Let’s take a look at some of these security concerns, particularly for passwords, and what hospitals and healthcare providers can do.

'Connected health offers numerous benefits for patients and providers, but only if the latter gets a handle on the corresponding cybersecurity concerns.' -Michael GreeneClick To Tweet

Security Concerns in Healthcare

A recent report by the U.S. Department of Health and Human Services (HHS) found that the number of healthcare breaches in the first five months of 2022 nearly doubled from the same period last year. Ransomware is one of the growing threat vectors, with another study finding that 66 percent of healthcare organizations were hit by ransomware in 2021 compared to 34 percent in the prior year. 

But, there are also numerous new security concerns emerging with the increased adoption of digital health technologies. For example, the “State of Healthcare IoT Device Security 2022” found the following:

  • More than 50 percent of connected devices in the average hospital have critical security risks.
  • Nearly 75 percent of IV pumps have vulnerabilities that could negatively impact patient health if exploited.
  • Insecure passwords are the most common device risk.

In addition to these challenges, many healthcare organizations increasingly rely on mobile applications. These apps contain sensitive personal health details, representing yet another vulnerability that could lead to HIPAA breaches if not properly addressed. So, what’s the first step hospitals and healthcare providers can take to shore up these concerns? 

Creating Stronger Passwords

As mentioned above, numerous security vulnerabilities hinge on insecure, weak, or compromised passwords. That’s why the right identity authentication security strategy is essential to preventing threats and ensuring that only authorized personnel have access to systems. This helps protect against ransomware, criminal hacking, phishing, and password-based attacks. Healthcare organizations can deploy the following steps to help create stronger passwords.

#1: Multi-Factor Authentication

Adopting additional authentication measures like adaptive authentication and biometrics adds more layers of protection, reducing the risks of a password attack.

#2: Threat Intelligence Tools

These tools can automatically detect and prevent the use of compromised credentials. They are automated, which reduces the pressure on the IT team while improving security. By checking for exposed passwords before they are activated and monitoring them continuously, the risk of exposed passwords being used is removed. This approach stops systems from being an easy target for password-based attacks.

#3: Focus on Exposure

End the cycle of password resets. Don’t waste time and resources resetting passwords when the crux of the problem is exposure.

#4: Educate Employees

Healthcare providers must continually educate employees on password best practices. This can help instill better security hygiene and discourage the use of weak passwords, password reuse, and password sharing. Another simple step to alleviate password problems is to make every employee use a password manager before accessing any systems.

Handling Cybersecurity Concerns

Connected health offers numerous benefits for patients and providers, but only if the latter gets a handle on the corresponding cybersecurity concerns. It’s critical that healthcare organizations tighten up security across the board but also not overlook the basics like identity access management and securing the password layer. The success with which the industry rapidly rolled out digital offerings in response to the pandemic is a testament to how efficiently healthcare organizations can act in the face of urgency. It’s imperative that they harness this same resolve to tighten up security, otherwise, they face a never-ending barrage of attacks. 

Tweet

Share

Share

Email

  • Cybersecurity
  • Healthcare
  • IT and Security
  • Medical Devices
  • Privacy

  • Cybersecurity
  • Healthcare
  • IT and Security
  • Medical Devices
  • Privacy

参考译文
解决安全问题并在医疗保健中创建更强的密码
大流行的许多永久性影响之一是向远程保健、远程医疗和其他连接技术的转变。传统的当面服务迅速转向数字服务交付,扩大了网络犯罪的威胁范围,增加了医院和医疗保健提供者本已在努力解决的重大安全问题。让我们看看这些安全问题中的一些,特别是关于密码的问题,以及医院和医疗保健提供者可以做些什么。美国卫生与公众服务部(HHS)最近的一份报告发现,2022年前5个月的医疗违规数量比去年同期几乎翻了一番。勒索软件是日益增长的威胁载体之一,另一项研究发现,在2021年,66%的医疗保健组织受到勒索软件的攻击,而前一年的这一比例为34%。但是,随着越来越多地采用数字卫生技术,也出现了许多新的安全问题。例如,《2022年医疗物联网设备安全状况》发现:除了这些挑战之外,许多医疗机构越来越依赖移动应用程序。这些应用程序包含敏感的个人健康细节,这是另一个漏洞,如果不适当解决,可能导致违反HIPAA。那么,医院和医疗服务提供者可以采取的第一步是什么来消除这些担忧呢?如上所述,许多安全漏洞都依赖于不安全的、弱的或被破坏的密码。这就是为什么正确的身份验证安全策略对于防止威胁和确保只有授权人员才能访问系统至关重要。这有助于防止勒索软件、犯罪黑客、网络钓鱼和基于密码的攻击。医疗保健组织可以部署以下步骤来帮助创建更强的密码。采用额外的身份验证措施,如自适应身份验证和生物识别技术,增加了更多的保护层,降低了密码攻击的风险。这些工具可以自动检测和防止使用被破坏的凭证。它们是自动化的,这减少了IT团队的压力,同时提高了安全性。通过在激活密码之前检查暴露的密码并持续监控它们,可以消除暴露密码被使用的风险。这种方法防止系统成为基于密码的攻击的容易目标。结束重置密码的周期。当问题的关键是暴露时,不要浪费时间和资源重置密码。医疗保健提供者必须不断就密码最佳实践教育员工。这可以帮助逐步灌输更好的安全卫生,并阻止使用弱密码、密码重用和密码共享。减轻密码问题的另一个简单步骤是让每个员工在访问任何系统之前使用密码管理器。互联医疗为患者和医疗服务提供者提供了许多好处,但前提是后者能够处理相应的网络安全问题。至关重要的是,医疗保健组织要全面加强安全性,但也不要忽视身份访问管理和保护密码层等基础知识。该行业迅速推出数字产品以应对大流行的成功证明了医疗保健组织在面对紧急情况时可以如何有效地采取行动。他们必须利用同样的决心来加强安全,否则,他们将面临无休止的攻击。
您觉得本篇内容如何
评分

声明:转载此文是出于传递更多信息之目的。若有来源标注错误或侵犯了您的合法权益,请与我们联系,我们将及时更正、删除,谢谢。

评论

您需要登录才可以回复|注册

提交评论

iotforall

这家伙很懒,什么描述也没留下

最近发布
加载更多

相关阅读

加载更多

iotforall

这家伙很懒,什么描述也没留下

关注

点击进入下一篇

屏蔽网络干扰,保持注意力集中,控制D

提取码
复制提取码
点击跳转至百度网盘

取消 确认