Unified Communications Manager Cloud for Government (UCM) – Formerly Hosted Collaboration Solution for Government (HCS-G)

Iron Bow’s UCM (formerly HCS-G), powered by Cisco, is a FedRAMP Authorized cloud-based collaboration service built to help you improve communication capabilities, empower your mobile workforce, meet cloud-first mandates and maintain stringent security standards. Check out this video and see how we can help your agency overcome key IT and business challenges.

See what VDI can do for your agency.

The case for Virtual Desktop Infrastructure (VDI) has never been stronger. Agencies are looking for better approaches to securing and managing end-user devices. Check out this infographic and see what’s driving the interest in VDI solutions—and what concerns are slowing agencies down.

@Iron_Bow
About TechSource

Welcome to Iron Bow's TechSource, a blog about the issues facing the government and industry today and the technologies being adopted to help overcome them.

Six Healthcare IT Transitions: The Hackers Delight

Rajesh Vargheese, Cisco

February 13, 2015  |  Cyber Security  •  Telehealth


 

From FDA (Food and Drug Administration) to FBI (Federal Bureau of Investigation), they see a core issue bubbling up: The vulnerability of healthcare systems to cyber-attacks. Both agencies have issued an advisory in this regard in the last  year.

FDA Advisory was focused on medical devices and hospital networks, while the FBI’s communication is focused on hackers attempting to hack personal medical records and health insurance data and even goes to calling out the gaps in resiliency to cyber-attacks as compared with other sectors such as financial and retail sectors.

In addition, looking at statistics from datalossdb.org, the healthcare sector has consistently been in the top three sectors that have had the most incidents.

But the question is, why now?

This is where the correlation with the healthcare IT transition time lines adds up. It’s the other side of healthcare IT transitions that we looked at in the previous part (At the security cross roads of Healthcare reforms and IoE – 6 Healthcare IT Transitions) of this blog series – the threat that have emerged from open anywhere, anytime, any device access which has enabled convenience and transformational experience to patients and care teams.

Let’s see an example of the changing dynamics of some of these transitions from a hackers perspective by analyzing one of these transitions: Transition from Paper charts to EMR and enabling anywhere anytime, any device access to my care teams and my patients.

Picture4
Healthcare IT Transitions and their Security Implications (1-3 of 6)
Picture5
Healthcare IT Transitions and their Security Implications (4-6 of 6)

In the old paper charts days, if someone had to access my personal record, he had to penetrate through the physical safeguards that have been enforced by the hospital including secure access to the location where the paper files are stored. In this situation, while it might be possible for an insider to breach my privacy, it is difficult for a hacker sitting across the globe. Also, if someone wanted to change the reading of one of my vital signs, he had to manually access the paper chart and manually edit the readings.

Now let’s look at the same scenario in a changed environment after the transitions. A hacker sitting across the globe has almost the same access as a patient if he can leverage one of the many attack vectors. Similarly, he has so many options to exploit to modify the data including when the data is in motion or when the data is in rest at multiple places. Once the access location is a home, it’s hard to imagine what type of device is going to be used and what level of protection is available – the 26 percent of PCs still running Windows XP is a classic example.

As the saying goes – “You are only as strong as your weakest link,” all it takes is such vulnerable access points for hackers to penetrate the system. The internet of things only expands this equation even further by adding more devices, connectivity points and interactions. The above slides highlight some of the security challenges that have emerged with each of these transitions.

The old methods of securing are going to fall short; new innovative methods are required to secure the data. Dynamic learning threat defense systems that perform rapid detection based on flow, signature, behavior, packet capturing techniques in addition to security policies and protection schemes are only the starting points. Visit Cisco’s security offerings to learn more about how to enable healthcare transitions securely.

Are you prepared to handle these healthcare IT transitions securely?


TechSource in your Inbox

Sign-up here to receive our latest posts by email.

  • This field is for validation purposes and should be left unchanged.