ICIT Brief: Hacking Healthcare IT in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach

Among all of America’s critical infrastructures, the healthcare sector is the most targeted, plagued by persistent attacks from numerous unknown malicious hackers. The goal of these threat actors is to exploit vulnerabilities in insecure and antiquated networks in order to exfiltrate patient data for financial or geopolitical gain. To protect patient privacy, healthcare organizations and their supply chains must better understand the growing attack surface and the technologies and solutions that can improve their ability to respond to unauthorized network access.

In this brief, entitled “Hacking Healthcare IT in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach”, the Institute for Critical Infrastructure Technology provides a comprehensive assessment of the threats and healthcare trends which have the greatest impact on health sector security, as well as solutions and strategies to improve resiliency. The report draws from the OPM breach, which is a prime example of the enormous consequences an organization can face by not maintaining and protecting integrated systems. Specifically, this brief details:

  • The Healthcare System’s Adversaries (script kiddies, hacktivists, cyber criminals, cyberterrorists and Nation State Actors)
  • A Multi-Pronged Approach to Meaningful Cybersecurity (people, policies & procedures and technical controls)
  • Healthcare in a Digital Age (IoT, sensors, telehealth, remote monitoring, behavior modification devices, embedded devices, mobile applications and data sharing in the Cloud)
  • Legislation & Collaboration (21st Century Cures Act, telehealth solutions for veterans, telehealth access expansion, prescription drug monitoring, EHR interoperability, mHealth IRB)

The following ICIT Fellows & thought leaders contributed to this brief:

  • James Scott (ICIT Senior Fellow – Institute for Critical Infrastructure Technology)
  • Drew Spaniel (ICIT Visiting Scholar, Carnegie Mellon University)
  • Dan Waddell (ICIT Fellow – Director, Government Affairs, (ISC)2)
  • Jon Miller (ICIT Fellow – V.P. Strategy, Cylance)
  • Rob Bathurst (ICIT Fellow – CISSP, Professional Services Director, Cylance)
  • Malcolm Harkins (ICIT Fellow – Global Chief Information Security Officer, Cylance)
  • Greg Cranley (ICIT Fellow – Sr. Director of Federal, Centrify)
  • Danyetta Magana (ICIT Fellow – President, Covenant Security Solutions)
  • Seth Nylund (ICIT Fellow – V.P. Federal, Exabeam)
  • Michael Seguinot (ICIT Fellow – Regional Sales Director, Exabeam)
  • Steve Curren (Acting Director, Division of Resilience, HHS)
  • Rob Roy (ICIT Fellow – Public Sector CTO, Hewlett Packard Enterprise)
  • Stan Wisseman (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
  • Montana Williams (ICIT Fellow – Cybersecurity Evangelist, ISACA)
  • Jerry Davis (ICIT Fellow & CIO, NASA Ames Research Center)
  • Kevin Stine (Manager, Information Technology Laboratory (Security Outreach and Integration), NIST)
  • Elisabeth George (ICIT Fellow – V.P. Global Regulations & Standards, Philips)
  • John Menkhart (ICIT Fellow – V.P. Federal, Securonix)
  • Stacey Winn (ICIT Fellow – Sr. Product Manager, Raytheon / Websense)
  • Ashok Sankar (ICIT Fellow – Security Evangelist, Raytheon / Websense)

Download the brief HERE