As hospitals and the health sector as a whole continue to take advantage of the conveniences provided by the latest IoT (Internet of Things) technologies, little attention is focused on the expansive and almost entirely unprotected attack surface that evolves from the use of these technologies.
A cybersecurity-centric culture and an evolving enforcement of proper cybersecurity hygiene are mandatory to create even the most basic secure environment. Conversations and training centering on HIPAA, health IT, and health-care informatics must include cybersecurity, but sadly they rarely do, and the victims are typically the patients.
Strangely, cyber-attacks such as the Anthem incident and others like it were not technically sophisticated, but rather the exact opposite. Spear phishing, spoofed URLs, and watering hole attacks are the primary means of obtaining legitimate admin credentials, thus offering up one's entire network to hackers on a silver platter. Creating the position of CISO is pointless unless the staff is properly trained to identify the ingredients of basic social engineering and malicious attacks.
This series is meant to introduce cybersecurity into the curriculum of those studying HIPAA, health-care IT, and health informatics, as the topics go hand in hand. Yet the health sector and academia as a whole have continued to ignore this reality and therefore continue to be easy targets for hackers and bad actors. A cybersecurity-centric culture must be injected into every aspect of the health sector. Precise and determined effort must be introduced to initiate a mandatory cybersecurity hygiene standard throughout this crucial component of our nation's critical infrastructure.
This series has been authored to intentionally introduce cybersecurity and health IT simultaneously, in hopes that the health sector will enforce the same concept with its academic partners.
©2015 James Scott (P)2015 James Scott