With a steady increase of customers affected by data breaches in the health care sector over the past several years, Security Operation Centers (SOCs) are beginning to explore a change in tactics to compensate. While previous efforts focused primarily on preventative measures, the new focal point is going to revolve around threat detection coupled with more aggressive counter-intrusion protocols.
One reason for the shift is the notion that threat prevention tends to lock systems into individual “fortresses.” While this can be effective for a long stretch of time, determined attacks are eventually able to ferret out the weaknesses in these bunkered systems and gain entry regardless. The nature of hacking and network intrusion is inherently adaptable, so it stands to reason that a static defense can only be effective for a limited time without similar adaptation.
This concern is why threat detection is becoming invaluable in the push against cyber-attacks. While fortified systems can provide some measure of security, the data collected from recognizing potential breach vectors, and thwarting them, is able to be shared across many organizations. This networking of information serves the dual purpose of highlighting potential intrusion methods to watch for, as well as what strategies are most suited to neutralizing the threat if it arises.
Despite this shift in priorities, there are still a host of glaring pain points that will require no small amount of investment by organizations to overcome. One of the most common risks to the health care sector has been password authentication to access protected information. Phishing attacks directed at customers to acquire their log-in credentials have been particularly difficult to overcome, but those issues are steadily being resolved through organizations that are modernizing to use biometric-authentication methods.
According to Gartner, there is a huge need for health care organizations to modernize as the threat of breaches continues to evolve. Nearly 50 percent of health care organizations are predicted to modernize their security efforts by the year 2022, compared to just 10 percent in 2015. In addition to modernizing authentication procedures, these updates are expected to include the aforementioned threat-recognition measures and incident-response techniques.
However, while these objectives are set to reverse the data-breach trends of previous years, they don’t come without their own set of obstacles. While incidents that were caused by password authentications are predicted to decline, instances of cloud-security failures are expected to rise between 2019 and 2023. While the majority of these failures are anticipated to be triggered by customers, the root cause of the issue is believed to stem from a lack of security teams and fresh cybersecurity professionals being trained to fill a growing number of empty positions. The void created by these vacant seats is especially felt as more institutions begin to transition to cloud-based record-keeping.
Gartner Research vice president, Peter Firstbrook, went on the record in a statement concerning the shift to cloud service, “Public cloud is a secure and viable option for many organizations, but keeping it secure is a shared responsibility.” He continued by saying: “Organizations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”
To be kept up to date with more news on current events in the health care industry, as well as tips and tricks for maintaining HIPAA compliance, visit HIPAAgps to start your 7-day, Risk-Free Trial.