Data breaches in the healthcare industry are rising dramatically, and not nearly enough is being done to secure patients’ private health information (PHI). The statistics are damning:
- Since 2009, one in every three Americans has had their PHI compromised.
- In the past two years, 90% of facilities have had one breach, and 40% have had five breaches.
- Healthcare data was the most common type of data breached in 2015
This is only the beginning. Historically, cyber security in the healthcare industry has been woefully inadequate:
- The healthcare industry continued to use paper records long after other industries had switched to digital technology; in many cases, facilities adopted electronic health records (EHRs) only after government mandates forced the issue.
- Many healthcare facilities still run outdated legacy systems and software that are difficult or impossible to patch or update; in some cases they are no longer supported by their manufacturers.
- A single hospital could have thousands of internet-connected terminals used by hundreds of employees who, in most cases, have received little or no training on cyber security awareness or procedures.
- Many small and mid-sized facilities see information technology as a burdensome cost to be minimized rather than a powerful tool to provide better patient care. Thus, they do not allocate adequate monetary or human resources to any aspect of IT, including information security
With all of this in mind, it’s not surprising that a study of mid-sized hospitals by the Health Information Trust Alliance found that 52% had systems that were infected by malicious software.
Healthcare data is arguably even more attractive to hackers than credit card information. If a credit card number is stolen, the bank can cancel the card, and the cardholder is not held responsible for fraudulent charges. An EHR, on the other hand, contains multiple pieces of information, including the patient’s Social Security Number and other sensitive personal data that cannot simply be “cancelled.” This leaves the patient vulnerable to identity theft and is worth more on the black market.
Intruno’s Virtual Intelligent Eye: The Next Generation of Behavior Analysis
Many people picture hackers typing away at computers and seeking “back doors” into systems, but in reality, 95% of the time, hackers walk right in using perfectly legitimate logins and access credentials. Behavior analysis – the process of establishing a baseline pattern of user behavior and investigating anything that deviates from that norm – is the single best way to shield against the theft and misuse of login credentials. It is much more difficult to perfectly mimic an individual user’s behavior than to compromise an encryption algorithm, and once a baseline pattern has been established, any attempts by rouge users to deviate from it will trigger an alert.
Financial institutions have been using behavior analysis techniques for years to defend against stolen credit cards; when a card’s activity pattern suddenly changes, such as the card being used in a different location or to make purchases that seem suspicious, an alert is triggered, and the bank contacts the cardholder to ensure the charges are legitimate. However, until very recently, this type of technology was very expensive, and its applications and effectiveness were limited.
Finally, thanks to rapid advancements in artificial intelligence and machine learning over the past five years, behavior analysis can be used to protect healthcare systems against breaches – and only Intruno is offering this cutting-edge technology through its patented Virtual Intelligent Eye.
Machine Learning Meets AI: Real-Time Behavior Analysis & Threat Monitoring
A technological impossibility until very recently, the Virtual Intelligent Eye combines artificial intelligence with advanced machine learning algorithms to provide real-time behavior analysis and anomalous user access monitoring. Our all-seeing eye detects not only outside hackers using stolen credentials but also insiders who have “gone rogue.”
The Virtual Intelligent Eye works by generating a digital “fingerprint” for every single login by every single user in every single application and database, recording the “who, what, when, where, why, and how” and establishing a baseline behavior pattern for all system users and interactions. After a pattern has been established, the Virtual Intelligent Eye detects deviations and notifies security personnel in real-time so that immediate action can be taken. This allows our system to detect 9 out of 10 breaches, as opposed to the 3 out of 10 detected by current alternatives.
Simple, Scalable, and Affordable
Although the Virtual Intelligent Eye employs highly advanced technology that was pure science fiction only a few years ago, the system itself is simple, highly scalable, and rapidly deployable – all at a price-performance-value point that is affordable even for small and mid-sized organizations. The Virtual Intelligent Eye has very low resource requirements; it can be deployed to a secure private or public cloud (or in-premise) and be fully operational within only a few weeks. It is compatible with over 100+ top healthcare applications and databases, including McKesson, SAP, Epic, GE, Cerner, Allscripts, AthenaHealth, and eClinicalWorks, and its real-time visual and print reporting meets HIPAA and HITECH regulations and compliance requirements.
The healthcare industry is built on trust. Patients trust their healthcare providers with their lives and health – and these days, with the security of their personal information. A data breach can put your patients at risk of identity theft – and the good reputation of your facility on the line. Don’t try to combat today’s cyber security threats with yesterday’s technology; call Intruno today to find out more about our Virtual Intelligent Eye and how it can protect your organization and the patients it serves.