The world is becoming more digital, and the health care landscape is no exception. While the proliferation of mobile devices in hospitals and other caregiving facilities can improve the productivity of workers and make it easier for physicians to access critical information on patients, the unfiltered presence of those platforms and the applications they utilize can introduce substantial cybersecurity concerns.
InformationWeek recently highlighted a new SANS Institute survey that looked into millions of endpoints throughout the health care environment, revealing numerous patching problems and fundamental vulnerabilities in the mobile device realm that could compromise personal and financial data integrity, as well as the reputations of the organizations in question. Specifically, experts told InformationWeek that approximately 375 health care networks were compromised by attackers during the 13-month research period.
"We were shocked at [the number of] devices that were wide open to the Internet that would provide adversaries with considerable power and access not only for a breach, but – for those who are skilled – even to conduct malicious acts," cybersecurity expert Sam Glines told InformationWeek.
While there seem to be a number of factors contributing to the growing risk facing the health care IT security environment, poorly configured and generally unsafe devices are largely to blame.
The problem with careless devices
While the term "device" is widely associated with smartphones and tablets, the concept also includes routers and other technologies used to connect to the Internet. Routers in particular are a common link in the poor cybersecurity chain. Citing experts from security firm Tripwire, InformationWeek noted that many platforms are unsafe straight out of the box, which suggests that if organizations do not take any proactive measures to mitigate risk, they may encounter severe vulnerabilities down the line.
"All of these compromised devices, not only are they available to be used for a breach of data, but they're also used as attack points against other adversaries," Glines told InformationWeek.
In other words, unsafe devices provide cybercriminals with more launch pads for attacks on confidential networks and IT environments that house highly confidential information. One of the best ways to combat these challenges and other vulnerabilities being introduced to the health care industry is to ensure the embedded software within those devices is secure and robust enough to mitigate risk on multiple levels.
Developers who are charged with the responsibility of creating and launching applications in the health care realm must be sure the end products they create are not vulnerable in any way. This means utilizing code review platforms that provide developers, quality assurance and other professionals insight from multiple perspectives throughout the development process. When these technologies are used correctly, applications are generally produced with fewer weaknesses than if developers streamlined the process without any input from others.
As the Internet of Things grows more pervasive, health care executives must be prepared to combat an increasingly sophisticated digital threat landscape. Taking a robust and comprehensive approach to cybersecurity will be among the only ways to mitigate risk.