Around 50 percent of US healthcare IT pros said their organizations are investing in healthcare data encryption to protect sensitive data, according to a recent survey by network management and security company Infoblox.
Encryption of PHI is not required by HIPAA but is encouraged as an “addressable implementation specification” for protecting PHI, if the covered entity considers it “reasonable and appropriate.” The covered entity can use an alternative means if it achieves the purpose of protecting PHI.
The Infoblox survey of 1,000 IT directors in the US, United Kingdom, Germany, and the UAE found that 85 percent of healthcare organizations have increased their cybersecurity spending over the past year; 12 percent of organizations increased their cybersecurity spending by over 50 percent.
The most popular security investments by healthcare organizations are antivirus software (60 percent) and firewalls (57 percent).
Half of healthcare organizations have invested in network monitoring to identify malicious activity on the network, one-third have invested in domain name system (DNS) security solutions, while 37 percent have invested in application security.
Only around one-third of healthcare organizations are investing in employee education and email security solutions, even though phishing is a primary attack method for ransomware.
The finding on increased healthcare cybersecurity spending contrasts with a recent study by Black Box Market Research, which found that cybersecurity spending has shrunk as a percentage of annual IT spending by healthcare organizations.
Although not specific to healthcare, the Infoblox survey found that enterprise networks have thousands of shadow personal devices and Internet of Things (IoT) devices connecting to their network.
Around 35 percent of companies in the US, UK, and Germany reported more than 5,000 personal devices connecting to the network each day. Employees in the US and UK connect to the enterprise network to access social media, as well as to download apps, games and films. These practices open organizations up to social engineering hacks, phishing, and malware injection, commented Infoblox.
One-third of companies in the US, UK, and Germany have more than 1,000 shadow IoT devices connected to their network on a typical day, with 12 percent of UK organizations reporting having more than 10,000.
The most common devices found on enterprise networks included fitness trackers, such as FitBit or Gear Fit; digital assistants, such as Amazon Alexa and Google Home; smart TVs; smart kitchen devices, such as connected kettles or microwaves; and game consoles, such as Xbox or PlayStation.
IoT devices are discoverable by cybercriminals online via search engines for internet-connected devices, like Shodan. This access provides cybercriminals with a means of identifying devices on enterprise networks that can then be targeted for vulnerabilities, Infoblox explained.
To protect their organizations, Infoblox recommended that IT teams take the following steps:
Restrict access to certain sites
IT administrators should deploy products that allow them to build safeguards to prevent dangerous activity on the network. For example, deploying products that give security administrators the ability to restrict access to certain types of content will allow for policy enforcement and review of noncompliant activity in the organization.
Also, integrating threat intelligence data into DNS management will enable security teams to monitor and prevent access to newly observed domains. Many new domains will be set up ahead of a phishing campaign, so preventing access to these sites can reduce the risk of employees introducing malware through clicking on insecure links.
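As an added illustration of the newly observed domain check described above (not code from Infoblox or the survey), the following Python example compares DNS query log lines against a domain first-seen feed and flags queries to domains younger than a threshold. The feed contents, the log layout, and the function names are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed first-seen feed (domain -> date first observed); a real
# deployment would load this from its threat-intelligence provider.
FIRST_SEEN = {
    "example.com": "2010-01-01",
    "clinic-portal.example": "2019-06-12",
    "secure-login-update.example": "2024-04-29",
}

# Constructed resolver log lines: timestamp, client IP, query type, name.
DNS_LOG = """\
2024-05-01T09:15:02Z 10.0.4.17 A www.example.com.
2024-05-01T09:15:40Z 10.0.4.23 A mail.secure-login-update.example.
2024-05-01T09:16:11Z 10.0.7.5 AAAA clinic-portal.example.
2024-05-01T09:17:55Z 10.0.4.23 A cdn.never-seen-before.example.
malformed line
"""

def base_domain(qname):
    # Simplification: keep the last two labels. Production code should use
    # the Public Suffix List so names under e.g. co.uk are handled correctly.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def flag_newly_observed(log_text, first_seen, max_age_days=30):
    """Return (client, domain, age_days) for queries to young domains."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the expected layout
        ts, client, _qtype, qname = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        domain = base_domain(qname)
        seen = first_seen.get(domain)
        if seen is None:
            age = 0  # absent from the feed: treat as first observed now
        else:
            born = datetime.strptime(seen, "%Y-%m-%d").replace(tzinfo=timezone.utc)
            age = (when - born).days
        if age <= max_age_days:
            hits.append((client, domain, age))
    return hits

if __name__ == "__main__":
    for client, domain, age in flag_newly_observed(DNS_LOG, FIRST_SEEN):
        print(f"ALERT client={client} domain={domain} age_days={age}")
```

Grouping the results by client IP shows which device on the network is generating the lookups, which ties the check to the device inventory discussed in the next section.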
Achieve full visibility
IT teams should adopt a product that enables them to manage policy and provide visibility into all devices on premise or remote, as well as the network context required to prioritize action. For on-premise devices, an IP address management system can enable effective management.
Most malware uses DNS to communicate with command and control servers, lock up data for ransom, or steal data. Existing security controls, such as firewalls and proxies, rarely focus on DNS and associated threats, leaving organizations vulnerable to rapidly proliferating attacks.
When secured, the DNS can provide context and visibility, so IT administrators can be alerted of any network anomalies, report on what assets and/or devices are joining and leaving the network, and resolve problems faster.
"Networks need to be a frontline of defense, second only to having good end user education and appropriate security policies. Gaining full visibility into all connected devices, whether on premise or while roaming, as well as using intelligent DNS solutions to detect anomalous and potentially malicious communications to and from the network, can help security teams detect and stop cybercriminals in their tracks," said Infoblox Western Europe Technology Director Gary Cox.