Medical data is a valuable commodity—one that needs to be protected from cybersecurity threats. Tom Merritt lists five things to know about medical data security.
Seth Rosenblatt’s “The Parallax View” recently posted about medical vulnerabilities found by CybelAngel’s senior cybersecurity analyst, David Sygula. TechCrunch had a similar writeup about warnings for medical imaging from Greenbone Networks’ lead researcher, Dirk Schrader. Last December, Kaspersky project manager Maria Namestnikova warned that software used by medical organizations is not always secure enough. Sensing a trend? Here are five things to know about medical data security.
- The data is out there. The DICOM file format, which is commonly used for scans, includes 240 metadata fields with sensitive information about patient identity. In his scan of the internet, Sygula found more than 45 million unencrypted medical images in 67 countries.
- The data is valuable. Patient data can sell for 10 times the price of other types of data. It’s used to make fraudulent prescriptions and carry out insurance scams, and it can damage people’s medical history.
- You need a strategy. If you work in any way with medical data, either at a healthcare facility or making software for one, you need to know your security strategy now. Each organization’s and vendor’s attack surface is different. Know the nature of the threats and the gaps to fill.
- Understand your enemy. Engage in simulations, get a red team to attack your system, and learn where the weak spots are. Hint: it’s probably humans.
- Invest in protection. That starts with spending time and money training humans in security hygiene and best practices. You also need to invest in a security stack they can use to defend themselves.
With whole government health systems being affected and lives on the line, knowing about the security risks to medical systems is more than just important—it’s critical.