A Vulnerable Industry
An estimated 30 million healthcare records have been compromised to date. Data breaches in the healthcare sector result from device theft, employee negligence, or penetration of networks by complex, evasive threats, such as advanced targeted attacks. While healthcare organizations are held to strict standards of privacy and security by HIPAA, HITECH, HIMSS, and other regulations, they are faced with multiple security challenges — ranging from increased collaboration among healthcare providers and partners to informal BYOD policies to outdated security defenses.
In the cyber underground, healthcare data records are highly prized. While credit card information typically fetches $1 per record, a protected health information (PHI) record, which contains a full identity profile, including a Social Security number, is worth 20 to 50 times as much.
Challenges: High-Value PHI at Risk
- PHI is shared: Patient records are routinely shared within and outside the walls of a healthcare organization. For example, a hospital may circulate PHI with insurance companies, other medical groups and clinics, labs, and partners—and these third parties may not have effective security defenses in place.
- Threats are customized: Today’s modern threats are targeted, sophisticated, and evasive. Most are able to bypass signature-based defenses with a slight change in code that alters the threat’s fingerprint. Spear-phishing emails in particular are a challenge for healthcare organizations.
- Personal devices are used: Employees often use unsecured personal devices to move data. Some healthcare organizations lack clearly defined BYOD policies and security controls. Employees may use non-corporate laptops or PCs to email sensitive patient data via unsecured networks or share it on Dropbox or other unauthorized cloud services.
- Endpoints are under-secured: Attackers are targeting endpoints as a way into the infrastructure. Once a healthcare worker’s unsecured PC is compromised, threats can spread across the network and find their way to servers containing valuable PHI data.
- IT departments are under-resourced: Healthcare organizations are devoted to health and wellness, so security sometimes takes a backseat. IT teams are stretched thin and are challenged to keep up with security patches, leaving systems vulnerable to attackers.
- Devices are lost or stolen: According to Verizon, 46% of data breaches in the healthcare sector result from theft or loss of laptops and other devices.
Bromium: The Endpoint Security Remedy
Bromium’s revolutionary isolation approach is far more effective than detection-based solutions like antivirus, whitelisting, Web gateways and sandboxes. Instead of trying to keep up with malicious actors, healthcare organizations can render attacks irrelevant by eliminating the attack surface.
- Prevent breaches: Our breakthrough isolation technology creates a disposable micro-virtual machine for vulnerable operations, like Web browsing or opening documents or attachments. Tasks are isolated from the host system, so there’s no need for detection or behavioral analysis—and the possibility of compromise is eliminated. If malware is on the website or in a document, it is contained in our micro-virtual machine, and it is discarded when the task or session is complete, so your endpoint, your network, and your infrastructure are not compromised.
- Click on anything: Hospital workers and other healthcare professionals can access the tools and technologies they need to deliver the best possible care and services. They can share documents, open attachments from third parties, and work from any location without having to worry about the security or privacy of PHI.
- Streamline security: Busy IT departments at healthcare organizations no longer drown in a sea of false alerts. Urgent security patching and remediation is also dramatically reduced, freeing up IT’s time for more strategic projects.