The proliferation of healthcare internet-of-things (IoT) devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes, according to the Vectra 2019 Spotlight Report on Healthcare.
“Healthcare IT security teams are often kept in the dark and behind the curve when it comes to changes in infrastructure. For example, new medical devices are often connected to the network without informing IT security teams. Gaps in IT security policies and procedures make it easier for healthcare staffs to make unintentional errors that result in exposure and increased security risk. This can take the form of improper handling and storage of patient files, which is a soft spot for cybercriminals in search of weaknesses to exploit,” says Chris Morales, Head of Security Analytics, Vectra.