This month Quest Diagnostics became the latest healthcare organization to be attacked by hackers. As a result of the data breach, up to 34,000 people’s health information has been compromised. Quest Diagnostics reports that a hacker gained access to the data via the company’s mobile app MyQuest. The exposed data includes lab results, names, and date of births. However, the company claims that financial information wasn’t accessed.
Quest Diagnostics’ situation is the latest reminder that healthcare organizations need to take precaution when it comes to cybersecurity. Below are the biggest cybersecurity threats that healthcare organizations face.
Sometimes the biggest threat comes from the inside of the organization itself. Healthcare organizations need to do a better job of monitoring employees that have access to patient data. For example, if a particular employee seems to access patient records more than other employees than the organization should take action and investigate. While there could be a legitimate reason for unusual activity, organizations need to do a better job at monitoring all employee activity related to data.
Healthcare organizations like hospitals work with numerous organizations. In order to protect their data, they need to do a better job of analyzing the risk associated with working with different vendors. Vendors should be willing to comply with cybersecurity training. If they aren’t willing to comply, then healthcare organizations shouldn’t work with those vendors.
As long as there are computers, there will be malware, and each year malicious software gets more sophisticated. Healthcare organizations need to protect themselves against malware by using the latest antivirus software and making sure it remains up-to-date. Antivirus software is one of the easiest ways that healthcare organizations can protect themselves.
The Quest Diagnostics situation is a prime example of the dangers of mobile apps. Sometimes in order to make an app more functional manufacturers will compromise on security. In general, healthcare organizations should avoid putting sensitive data on mobile apps.
Medical devices are vulnerable to hacking just like computers and mobile devices. As more medical devices become connected to the internet, the security risk increases. Healthcare organizations must take steps to protect the medical devices they use. They must ensure that the devices they use are reputable and don’t pose any unnecessary security risks.