Johns Hopkins University School of Medicine CISO cautions: Third-party patient services pose cyber risks

According to the Johns Hopkins University School of Medicine CISO, Darren Lacey, use of third-party patient services in health care centers will pose cyber risks for years.

Speaking at the recent HIMSS (Healthcare Information and Management Systems Society) Healthcare Security Forum in Boston, Lacey said, “Third-party issues are going to a problem for a long time, especially as we try to integrate patient portals, health information exchanges, and those types of things.”

At the forum, attendees from leading healthcare organizations discussed several cyber risks to the healthcare profession. It was determined that smaller centers are more susceptible to attacks, as they lack the resources of larger ones. However, bigger centers do not move at the appropriate pace to implement the necessary precautions.

“About 80 percent of health care vendors are only focused on a niche area of healthcare, such as scheduling or lab results,” said David Finkelstein, CISO at St. Luke’s University Health Network.

They are often given a specific budget to their product, which does not always include funds for cybersecurity.

Health care centers are often targeted by cyber criminals, including nation states, because their servers house medical research.

Johns Hopkins’ CISO warns of information security dangers

Lacey also said, “Every web server is under continuous attack, […] You’ve got to solve your web server problem.” Lacey continued: “When you have a small information security program, there is often no consistent practice. As an industry, we need to start thinking about how we help these people out.”

Conference attendees concluded that criminals have become more efficient with their methods. As a result, health care organizations must put the proper mechanisms in place to safeguard their data.

Health care centers must learn if their networks invite attacks

Breaking into systems can be relatively simple if someone has not properly patched and secured systems against the latest threats. However, keeping systems up to date has become increasingly difficult. Medical centers and other organizations need to remain one step ahead of the criminals. One way is using IT Governance USA’s penetration testing services.  

Penetration testing identifies configuration issues that could help an attacker gain access to a system. As part of our network penetration testing service, one of our industry-certified penetration testers will conduct a thorough technical test of your organization’s network, identifying exploitable vulnerabilities, and suggest remedies.

Speak to an expert today >>