5 Cybersecurity Challenges in Healthtech + How to Address ThemUnderstand how to improve cybersecurity as healthtech grows and learn what security frameworks your organization should prioritize (other than HIPAA).
by Tony Gagliardi
The healthcare space is a popular target for cybercriminals, with 17% of all data breaches from 2020-2021 happening in the sector. That’s the highest volume of attacks in any single industry, and it’s likely to be a continuing trend, as the same has been true in healthcare for 12 consecutive years. As healthtech grows, cybersecurity becomes even more challenging. Want to have a better understanding of cybersecurity in healthtech and what you can do to respond to threats? In this post, we’ll cover the common concerns and look at the cybersecurity frameworks you can implement to improve the security posture in your organization.
5 Common Cybersecurity Challenges in Healthtech
Technology has a far-reaching impact in healthcare, and so do the cybersecurity concerns that come with it. Here’s a closer look at some of the top challenges and what’s necessary to address them.
1. Legacy Systems
Legacy systems are outdated IT systems that are still in use in many healthcare organizations. In fact, Research published in 2021 found that 73% of healthcare providers used medical equipment running legacy operating systems. These systems often don't stand up to today’s security standards, which means they can be vulnerable to cyberattacks and data breaches. Understanding what you can do to bolster security with these systems in place is critical to reducing risk.
2. Privacy and Data Protection
Another challenge is to balance security and privacy with transparency. For example, according to data published by Stanford Medicine, clinical trial patients see the value in sharing their information. The majority of people surveyed believe that the value of sharing these personal details outweighs any possible negative outcomes. This can go a long way to making progress in the medical space, but it does create a burden for healthcare organizations. There’s a growing amount of data to contend with and a need to keep that information away from unauthorized parties.
3. Additional Complexity and Different Needs
Patients want access to affordable care and to be kept informed about that care while receiving more personalized treatment. Providers want to provide better quality patient care and need better ways to analyze and share information to deliver that. There are different priorities for everyone.
This may mean implementing new solutions and processes that people working within healthcare organizations don’t have experience with. Having comprehensive training and documented knowledge in place can help with the learning curve.
4. Consumer Wearables
As wearable technology becomes more widely adopted by the general population, we’ll likely see more medical data collected through wearables. With so much information being collected and stored on these devices, it’s essential to think about how these devices are manufactured with security in mind. Users of wearable devices often don’t own their data. Instead, it’s usually owned by the company that sells the device. Sophisticated algorithms can now cross-reference wearable-generated biometric data with other “digital traces” of users’ behavior, so healthcare organizations must be aware of the digital traces their work leaves.
Every type of organization across industries has to be mindful of risks and breaches. However, the healthcare industry is particularly vulnerable because of the volume of sensitive personal data involved.
Security regulations are more restrictive in healthcare to protect patients. Organizations need to know what they need to do to remain in compliance and how changes in cybersecurity best practices will shift processes.
3 Security Frameworks Organizations Should Prioritize (Besides HIPAA)
HIPAA is a framework that healthcare organizations abide by because compliance is a requirement, but that isn’t the only framework worth paying attention to. Consider these other frameworks and the impact they can have.
National Institute of Standards and Technology (NIST) Frameworks
NIST provides many information security frameworks that provide a common language and systematic approach for understanding, managing, and communicating cybersecurity risk, and they’re designed to be flexible and adaptable to ever-changing needs. When it comes to healthcare specifically, NIST SP 800-66 is keeping up with the needs of the industry by providing updated guidance for meeting the HIPAA Security Rule. According to the NIST website,
"In an effort to help health care organizations protect patients’ personal health information, the National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the healthcare industry in 2022."
International Organization for Standardization (ISO) 27001
ISO standards are important because they provide a common set of guidelines and requirements that organizations can use to ensure quality and consistency. This is critical in a time when the demand in healthcare is growing, but the resources that professionals have access to are decreasing. By implementing ISO standards, organizations and companies make a proactive commitment to the principles of quality, transparency, accountability, and safety.
ISO 27001 allows you to establish an Information Security Management System (ISMS) which can be an invaluable tool for building your security program from the ground up.
CIS Critical Security Controls
CIS provides organizations with a prioritized approach to securing their networks and systems. These controls are based on the most common attack patterns and are designed to provide a layered defense against cyber threats through an actionable framework.
According to the U.S. Department of Health and Human Services, CIS provides a quick security win for healthcare. Execution of the initial 43 sub-controls can defend against the five major cyber attacks.
How to Demystify Compliance for Your Healthtech Organization
Adapting to current cybersecurity threats, preparing for what’s to come in the future, and staying in compliance through it all is no easy feat. We’re here to help. Whether you’re adding another standard under your belt or just starting your compliance journey, Drata’s compliance automation platform is just what you need to streamline the process. Book a demo to learn more about how to get started.