Last week, PAN Vice President Dan Martin wrote about trends at leading healthcare event HIMSS, which takes place this year in the same week as the premier security industry event, RSA Conference. We anticipate a lot of similarities in the themes discussed at both events, as healthcare security continues to be an increasingly hot topic. Here are the top healthcare security trends we are looking at as RSA approaches.
Internet of Things
In a pre-RSA Conference blog post last year, we wrote about the emergence of new concerns around the security of Internet-connected medical devices – for example, security expert and diabetic Jay Radcliffe hacking into his own insulin pump, and the fictional hacking of the Vice President’s pacemaker on the TV show Homeland. In August 2015, these threats became all too real when the U.S. Food and Drug Administration called for hospitals to discontinue use of infusion pumps due to security vulnerabilities.
Back in November, I wrote that IoT will pose a challenge to organizations as they deal with security concerns. As more and more hospital devices are connected to the Internet, concern that these devices could be hacked will only increase. According to the 2015 consumer survey from PwC’s Health Research Institute, consumers are especially concerned about the vulnerability of connected medical devices to security breaches and cyber attacks. At RSA Conference, Forrester Analyst Christopher Sherman will dive into these issues in a session titled "Separating Fact From Fiction: The Real Risks Within Medical Device."
Data Privacy
Concerns over the security of patient data are only increasing as well. The recent Shadow Data Report from Elastica, a Blue Coat Company (Blue Coat is a PAN client), found that Protected Health Information (PHI) dominates the healthcare and pharmaceutical industries, at 52 percent of all sensitive documents. Alarmingly, leakage of PHI documents is potentially more devastating than the leakage of Personally Identifiable Information (PII) or Payment Card Information (PCI) data, as PHI is often a richer source of data that can be exploited for phishing and other social engineering attacks.