How to improve defenses against rising cybersecurity threats

Hackers are finding more avenues to access patient data, and providers can better ensure information is protected by using three information lifecycle strategies.



Healthcare providers continue to be plagued by ransomware and other cyberattacks that disrupt operations and impact the quality of patient care they deliver. As the healthcare industry embraces digital transformation to radically change patient care by offering telehealth as well as back-office operations to enhance efficiencies from billing to staffing, providers are several steps behind cybercriminals who are already mastering artificial intelligence to carry out attacks and breaches.

With the rapid advancement of ChatGPT and other generative AI applications, the many ways “bad actors” can use AI to create and launch malware and phishing attacks are accelerating. This leaves the healthcare industry facing a perfect (cyber) storm. For a highly regulated industry that is required to keep patient data private and safe from threats and breaches, healthcare providers are expected to navigate an increasingly complex security threat ecosystem.

Minimizing the threat footprint

In addition to new and evolving threats from AI, the complexity of data management poses its own threats, accelerated by the adoption of cloud computing. A recent Blancco report (in partnership with Coleman Parkes Research) found that healthcare providers now are collecting more data than ever since migrating to the cloud.

As the amount of data piles up, the threat footprint expands. This poses unforeseen threats to HCPs because the highly regulated healthcare industry is required to effectively manage and protect patient data, but they must first determine what data they have on hand, its type, value, location, usage and who should be granted access to each data type.

While the cloud offers many benefits, there are some risks involved in solely trusting the security protections that cloud platform providers have in place to protect sensitive data. Our survey gets to the heart of this issue. When asked about their cloud strategies, 59 percent of healthcare respondents said that their cloud provider handles end of life (EOL) data for them. However, 34 percent do not trust their cloud provider to appropriately manage EOL data on their behalf.

Creating and consistently following policies that manage the entire data lifecycle, from start to EOL, is an important step to minimizing threat footprint. If you’re storing data that’s no longer needed for compliance, legal or financial purposes, but is still of a sensitive nature, or contains personally identifiable information (PII) for a patient or employee, this poses risks that are easily avoidable.

Data lifecycle best practices are critical to healthcare organizations because they are consistently targeted by phishing and ransomware attacks. These attacks not only put patient data at risk, but also impacts the healthcare organization’s viability by risking non-compliance and potential legal fall out.

Take the 2022 Common Spirit Health ransomware attack as an example. Hackers accessed patient data from 100 facilities across 13 states, costing the healthcare system $150 million resulting from business interruptions, insurance recoveries and other related expenses.

The security and data lifecycle connection

The following strategies that can guide healthcare organizations’ IT and security teams to create data lifecycle policies that align with broader information lifecycle management processes and provide cybersecurity protections by minimizing the threat footprint – both on-prem and in the cloud.

Better data storage processes. Healthcare organizations must meet compliance mandates regarding patient care and patient data. However, like many other businesses, healthcare providers adopt bad data storage habits that lead to keeping every piece of data just in case it’s needed in the future or may have some value to the organization. In addition, we live in an era where data is replicated from laptop to iPhone to the cloud. So the same receipt or financial document can “live” in multiple places. Data duplication poses threats to the security profile for healthcare providers, as do regular backups and data archives, which also add to the complexity of the data ecosystem. Processes and policies should exist that help to determine which data is important and must be kept for compliance and legal or tax purposes, and which data is no longer valuable and should be securely sanitized and eliminated – forever.

Deeper understanding of the data. It’s important to understand the data that’s both being created and stored even before cloud migration takes place. But there must be action associated with understanding what leads to the elimination of data lakes, and once identified, the redundant, obsolete and trivial data that is no longer needed, as well as other data deemed unnecessary at the end of its useful life. This process serves a greater purpose – to reduce the organization’s attack surface. The more data on hand, the bigger the threat footprint to monitor and more points of vulnerability and “open doors.”

Beyond processes and understanding. After creating better data storage processes and taking a deeper look at the data being stored on-prem and in the cloud, IT teams must take the final step to ensure the data can’t be accessed by bad actors inside or outside of the organization. Once the data has been classified, insights have been gleaned and redundant, and obsolete and trivial data has been identified, IT teams must perform data sanitization to eradicate this data from hard disk drives and solid-state drives in a way that makes it irretrievable. This will successfully protect the organization against unauthorized data access and meets the tenets of data privacy regulations. After this process is complete, an audit trail and report prove this data has been erased, permanently, and no longer poses a risk to providers, their employees and patients.

Finally, healthcare providers should consider investing in and scaling their security teams and safeguards to address the growing reliance on the cloud. While trusting partners, including cloud providers, is important, it’s also critical to create internal processes that manage the entire data lifecycle. By adopting a “less is more” motto, IT teams can spend more time protecting data deemed necessary and important and less on ROT data that’s increasing the threat footprint.

Russ Ernst is chief technology officer for Blancco.

More for you

Loading data for hdm_tax_topic #care-team-experience...