igor - Fotolia
For those unfortunate enough to have experienced a healthcare data breach, they know firsthand it is a difficult journey full of uncertainty, financial liability, as well as a public relations nightmare. Healthcare data breaches and hacks have become common news items. The penalties and legal mess that follows a healthcare data breach have frightened many providers into asking themselves the following questions. What can be done to avoid becoming yet another data breach victim in this almost-completely digital age? What are some of today's products that can improve a healthcare system's security? What are some of the innovations available that can outsmart today's cybercriminals?
The increased frequency of medical identity theft is a reminder to healthcare organizations of all sizes that the threat of a healthcare data breach is real. Many of today's hospitals -- including those that have gone through data breaches -- use sophisticated and advanced security systems. They use enterprise security software and system management tools that provide in-depth monitoring of hospital systems and capture and store security data in logs. Unfortunately, their systems can still be breached and result in a significant amount of leaked data. The recent UCLA breach is a reminder to everyone that cybercriminals are capable of attacking large organizations and gain access to millions of patient records.
Analytics could be the answer
There is more for health systems to consider than just avoiding putting their patients' personal information and financial state at risk. They should still enforce common security standards such as password policies and firewall access controls. Beyond that, security experts recommend looking for answers in the troves of information being collected by today's security tools. Some security products gather detailed information on the health of internal systems, remote connection attempts, failed passwords, data transmissions and the behavior of users.
Security firms have begun to apply analytics to this wealth of information to detect anomalies and potential signs that an attack is in progress. It is too complex a task for system administrators to collect and interpret this information without the help of an analytics tool. Security vendors are dangling products with these analytics capabilities to new and existing clients.
Companies such as Dell SecureWorks and Cisco have introduced data analytics into their security products to help customers proactively guard their systems from intruders. On the trail of analytics' entrance into security, it may be time for artificial intelligence (AI) to help with the early detection of a data breach in healthcare. AI is already used to prevent retail theft by monitoring security cameras' live feeds.
How to use AI for security
AI is capable of evaluating different system logs and traffic patterns within networks and assessing different events triggered at firewalls or servers. By studying that information, AI can identify abnormalities such as failed passwords attempts, or large amounts of data being transferred to servers in different countries.
Security vendors are aware that healthcare is a target for cybercriminals. Whether their goal is stealing and selling patients' personal information or committing insurance fraud to access free health services, hackers will do everything they can to break through firewalls and other security measures to gain access to vulnerable systems. Some hackers are able to stay undetected within systems for months and leave when they have captured the data they're interested in. Traditional security tools may not be sufficient enough to safeguard healthcare networks. Adding analytics and AI to the security mix may help prevent and detect future attacks.
About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story or preventing a healthcare data breach; e-mail firstname.lastname@example.org or contact @SearchHealthIT on Twitter.
Department of Homeland Security and FBI have eyes on healthcare cybercrime
Inforgraphic has security atop health IT purchasing intentions list
The FDA offers healthcare cybersecurity guidance