
Misconfiguration is the Most Common Cause of Healthcare System Breaches

A report finds healthcare system breaches caused by system misconfiguration due to human error in cloud infrastructures increased by 424%.

February 18, 2020 Doc Vaidhyanathan


Security breaches often bring to mind malicious attackers hacking into computer systems, but major healthcare system breaches have shown that vulnerabilities are more often the result of system misconfiguration.

While such breaches cause significant reputational damage, HIPAA fines can add insult to injury: the healthcare sector's average fine of $6.45 million leads all other sectors.

This creates the double-edged sword of needing to adequately secure protected health information while also maintaining HIPAA compliance and avoiding lawsuits from clients whose records have been breached.

By mid-2019, healthcare cybersecurity breaches had doubled those in the entirety of 2018.

In January 2019, Immediata Health Group discovered it had inadvertently exposed the information of approximately 1.56 million patients because, as their incident report indicated, “a webpage setting…permitted search engines to index internal webpages that are used for business operations.”

In February, the University of Washington Medicine announced it had exposed the information of approximately one million patients because of the accidental removal of website server protections, again exposing files to indexing by search engines.

These are not isolated experiences, as a 2017 IBM security report noted that breaches caused by healthcare system misconfiguration due to human error in cloud infrastructures had increased by 424%.

Additionally, Gartner analyst Neil MacDonald estimated that by 2020, “80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.”

Healthcare System Misconfiguration

Why has misconfiguration become such a problem in the healthcare industry? One of the major causes is the complexity of systems as they migrate to the cloud or hybrid environments.

While these environments make organizational processes more user-friendly and efficient, they also introduce new and increasing vulnerabilities, proliferating weaknesses that might allow entry.

The growth of technological infrastructures increases vulnerability points, and, in the context of the growth of the internet of things (IoT) and the use of IoT devices in healthcare systems, the vulnerabilities in healthcare infrastructures increase exponentially.


Additionally, new application architectures and infrastructures are being created for cloud-native applications, which increases the attack surface.

Finally, as organizations grow, the number of people with access to sensitive information – including employees, partners and clients – increases the potential for human error or negligence.

To use a metaphor, vulnerabilities are tantamount to the doors and windows in a house: these are points through which thieves might enter your house to steal your valuables. As the number of doors and windows increases, so do the opportunities for thieves to get in.

Moreover, as the number of people who have keys to the house increases, the greater the chance somebody forgets to lock a door or close a window.

Solving the Issue of Misconfiguration

A documented security policy isn’t enough: cybersecurity assurance requires that relevant security systems, and configurations to support the policy, have been implemented across infrastructures.

Verifying this is extremely difficult in today’s dynamic IT environment, which is why most security breaches exploit relatively simple security configuration and process failures.

What is needed is a new approach to dynamically validate the security posture, removing manual implementations that create the possibility of human error in configuration and regulatory compliance.

To do this continuously and repeatedly is a huge challenge for companies today. A key healthcare system solution lies in using a HIPAA-compliant automated security system.

Doc Vaidhyanathan is a security systems and authentication expert. He leads product development at Spanugo, addressing the security assurance needs of hybrid data centers for enterprise operations.

Continuing with the house metaphor above, the automated system checks that all the windows and doors are closed and notifies you when they aren’t, while also making sure that only authorized individuals have keys.

With healthcare systems and data, this would mean notifying you of human errors in configuration, such as storage buckets being accessible to the public, passwords being left blank, or database misconfiguration.

An automated system would check on an ongoing basis that such healthcare system misconfiguration errors or security policy violations have not taken place.
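The three error classes named above (publicly accessible storage buckets, blank passwords, database misconfiguration) can be expressed as a small audit that runs repeatedly over a configuration snapshot. This is an added example, not code from the article or from any product it mentions; the snapshot layout, the resource names, and the choice of S3-style bucket policies and /etc/shadow-style account lines are assumptions made for illustration.

```python
# Added example: constructed inventory snapshot; all names and field layouts are assumptions.
SNAPSHOT = {
    "buckets": {
        "patient-exports": {"Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::patient-exports/*"}]},
        "billing-archive": {"Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Principal": {"AWS": "arn:aws:iam::111122223333:role/billing"},
             "Resource": "arn:aws:s3:::billing-archive/*"}]},
    },
    # /etc/shadow-style lines: an empty second field means no password is set.
    "shadow": ["root:$6$constructed$hash:18300:0:99999:7:::",
               "labsvc::18300:0:99999:7:::"],
    "databases": {
        "ehr-db": {"bind": "0.0.0.0", "auth_enabled": False},
        "audit-db": {"bind": "127.0.0.1", "auth_enabled": True},
    },
}

def _is_public(principal):
    # A principal of "*" (bare or under the "AWS" key) matches anyone.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def audit(snapshot):
    """Return a sorted list of (resource, finding) tuples for the snapshot."""
    findings = []
    for name, policy in snapshot.get("buckets", {}).items():
        for stmt in policy.get("Statement", []):
            if (stmt.get("Effect") == "Allow" and _is_public(stmt.get("Principal"))
                    and not stmt.get("Condition")):
                findings.append((f"bucket:{name}", "public access allowed"))
                break
    for line in snapshot.get("shadow", []):
        fields = line.split(":")
        if len(fields) > 1 and fields[1] == "":
            findings.append((f"account:{fields[0]}", "blank password"))
    for name, cfg in snapshot.get("databases", {}).items():
        if cfg.get("bind") in ("0.0.0.0", "::"):
            findings.append((f"database:{name}", "listens on all interfaces"))
        if not cfg.get("auth_enabled", False):
            findings.append((f"database:{name}", "authentication disabled"))
    return sorted(findings)
if __name__ == "__main__":
    print("\n".join(f"{r}: {f}" for r, f in audit(SNAPSHOT)))
```

Running the audit on a schedule and alerting on any non-empty result is what turns a one-off review into the ongoing check the article describes.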

It would also ensure users are granted only the data access their jobs require or permit, while also preventing unauthorized users from sending packets into the data environment that might contain malicious software.

Automated systems also solve two further issues related to compliance. First, they can make sure your health data infrastructure is sector-compliant with HIPAA regulations.

Second, and included in HIPAA regulations and security practices, they can constantly monitor and audit your infrastructure, including for the purposes of updating configurations in real-time, enforcing security/compliance policies, and maintaining compliance as HIPAA regulations change.

This story premiered on our sister site, Campus Safety.
