Misconfiguration is the Most Common Cause of Healthcare System Breaches

A report finds healthcare system breaches caused by system misconfiguration due to human error in cloud infrastructures increased by 424%.

February 18, 2020 Doc Vaidhyanathan

Security breaches often bring to mind malicious attackers hacking into computer systems, but major healthcare system breaches have shown that vulnerabilities are more often the result of system misconfiguration.

While such breaches cause significant reputational damage, HIPAA fines can add insult to injury: the healthcare sector's average fine of $6.45 million leads all other sectors.

This creates the double-edged sword of needing to adequately secure protected health information while also maintaining HIPAA compliance and avoiding lawsuits from clients whose records have been breached.

By mid-2019, healthcare cybersecurity breaches had doubled those in the entirety of 2018.

In January 2019, Immediata Health Group discovered it had inadvertently exposed the information of approximately 1.56 million patients because, as their incident report indicated, “a webpage setting…permitted search engines to index internal webpages that are used for business operations.”

In February, the University of Washington Medicine announced it had exposed the information of approximately one million patients because of the accidental removal of website server protections, again exposing files to indexing by search engines.

These are not isolated experiences, as a 2017 IBM security report noted that breaches caused by healthcare system misconfiguration due to human error in cloud infrastructures had increased by 424%.

Additionally, Gartner analyst Neil MacDonald estimated that by 2020, “80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.”

Healthcare System Misconfiguration

Why has misconfiguration become such a problem in the healthcare industry? One of the major causes is the complexity of systems as they migrate to the cloud or hybrid environments.

While these environments make organizational processes more user-friendly and efficient, they also introduce new and increasing vulnerabilities, proliferating weaknesses that might allow entry.

The growth of technological infrastructures increases vulnerability points, and, in the context of the growth of the internet of things (IoT) and the use of IoT devices in healthcare systems, the vulnerabilities in healthcare infrastructures increase exponentially.

Additionally, new application architectures and infrastructures are being created for cloud-native applications, which increases the attack surface.

Finally, as organizations grow, the rising number of people with access to sensitive information – including employees, partners and clients – increases the potential for human error or negligence.

To use a metaphor, vulnerabilities are tantamount to the doors and windows in a house: these are points through which thieves might enter your house to steal your valuables. As the number of doors and windows increases, so do the opportunities for thieves to get in.

Moreover, as the number of people who have keys to the house increases, so does the chance that somebody forgets to lock a door or close a window.

Solving the Issue of Misconfiguration

A documented security policy isn’t enough: cybersecurity assurance requires that relevant security systems, and configurations to support the policy, have been implemented across infrastructures.

Verifying this is extremely difficult in today’s dynamic IT environment, which is why most security breaches exploit relatively simple security configuration and process failures.

What is needed is a new approach to dynamically validate the security posture, removing manual implementations that create the possibility of human error in configuration and regulatory compliance.

To do this continuously and repeatedly is a huge challenge for companies today. A key healthcare system solution lies in using a HIPAA-compliant automated security system.

Doc Vaidhyanathan is a security systems and authentication expert. He leads product development at Spanugo, addressing the security assurance needs of hybrid data centers for enterprise operations.

Continuing with the house metaphor above, the automated system checks that all the windows and doors are closed and notifies you when they aren’t, while also making sure that only authorized individuals have keys.

With healthcare systems and data, this would mean notifying you of human errors in configuration, such as storage buckets being accessible to the public, passwords being left blank, or database misconfiguration.

An automated system would check on an ongoing basis that such healthcare system misconfiguration errors or security policy violations have not taken place.
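As an added illustration (not code from the article or from any product it mentions), the sketch below runs the kinds of checks listed above over an inventory of resources: public storage buckets, blank passwords, database misconfiguration, and the indexable internal webpages from the two incidents cited earlier. The resource types, field names and sample inventory are hypothetical and constructed for this example.

```python
# Added example: resource types and field names are hypothetical.
from dataclasses import dataclass
@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    detail: str

# Each check yields (rule, detail) pairs. A missing attribute is treated as
# the unsafe value, so an incomplete inventory record fails closed.
def check_bucket(r):
    if r.get("public_access", True):
        yield "public-bucket", "storage bucket is accessible to the public"

def check_account(r):
    if r.get("enabled", True) and not (r.get("password_hash") or "").strip():
        yield "blank-password", "enabled account has a blank password"

def check_database(r):
    if r.get("bind_address", "0.0.0.0") in ("0.0.0.0", "::"):
        yield "db-exposed", "database listens on all interfaces"
    if not r.get("auth_required", False):
        yield "db-no-auth", "database accepts unauthenticated connections"

def check_webpage(r):
    if r.get("internal", True) and not r.get("noindex", False):
        yield "indexable-internal-page", "search engines may index an internal page"

CHECKS = {"bucket": check_bucket, "account": check_account,
          "database": check_database, "webpage": check_webpage}

def audit(inventory):
    findings = []
    for r in inventory:
        name, check = r.get("name", "<unnamed>"), CHECKS.get(r.get("type"))
        if check is None:  # never silently skip something we cannot assess
            findings.append(Finding(name, "unchecked-type", "no check covers this type"))
            continue
        findings.extend(Finding(name, rule, detail) for rule, detail in check(r))
    return findings

# Constructed sample inventory, not data from any real environment.
SAMPLE_INVENTORY = [
    {"type": "bucket", "name": "phi-exports", "public_access": True},
    {"type": "bucket", "name": "phi-archive", "public_access": False},
    {"type": "account", "name": "svc-backup", "enabled": True, "password_hash": ""},
    {"type": "database", "name": "records-db", "bind_address": "0.0.0.0", "auth_required": True},
    {"type": "webpage", "name": "/ops/claims", "internal": True, "noindex": False},
]
```

Calling `audit(SAMPLE_INVENTORY)` on a schedule and alerting on any non-empty result is the "ongoing basis" part; the inventory itself would have to come from the environment's own configuration sources.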

It would also ensure users are granted only the access to data that their jobs require or permit, while also preventing unauthorized users from sending packets into the data environment that might contain malicious software.

Automated systems also solve two further issues related to compliance. First, they can make sure your health data infrastructure is sector-compliant with HIPAA regulations.

Second, and included in HIPAA regulations and security practices, they can constantly monitor and audit your infrastructure, including for the purposes of updating configurations in real time, enforcing security/compliance policies, and maintaining compliance as HIPAA regulations change.

This story premiered on our sister site, Campus Safety.
