The McAfee Labs’ 2014 Threats Predictions report spanned a number of different areas of concern in IT security. Though, by nature, a company such as McAfee makes its business on ensuring the public knows the potential threats and how its products can reduce risk, the report can certainly offer reminders of current vulnerabilities that hackers are looking to exploit.
The report was industry-agnostic, so some areas were more applicable to healthcare than others. Though essentially all items in the report have likely popped up in different forms across the healthcare industry, the most prevalent threats in healthcare were mobile security, social attacks, big data and cloud applications.
McAfee said that mobile malware will continue to grow in 2014, as it did heavily in 2013 on the Android platform, but the types of attacks will also be a point of emphasis this year. It referenced mobile ransomware attacks (where data is stolen and encrypted until a ransom is paid), but any point about mobile security these days should include how to approach BYOD. Malware is a big problem for BYOD users, as potential threats could compromise an organization’s network security. As noted in the 2013 HIMSS Privacy and Security Forum, there are a number of considerations for healthcare providers that allow BYOD.
Similar to mobile technology, the line between enterprise users and consumers is becoming less clear as time goes on. With that in mind, hackers can use social media platforms such as Facebook, LinkedIn or Twitter to compromise user data (stealing the user’s password along the way), pull the user’s connections, and try to steal their passwords and personal information. Having specific policies in place can help avoid confusion, as the Rhode Island Board of Medical Licensure and Discipline (BOARD) did for Rhode Island healthcare providers.
With new big data analytics capabilities come responsibilities to secure those platforms. While McAfee said that vendors will ramp up their offerings to add threat-reputation services and other tools to make threat awareness a more efficient process, much of this will come down to how healthcare organizations use these tools. Many are taking advantage of data analytics and beginning to reap the benefits, but threats are consistently evolving along with new technologies, so awareness is a significant part of big data decisions. As Deven McGraw discussed with HealthITSecurity.com, big data privacy v. innovation is an ongoing debate and understanding how sensitive data should be handled is important.
Last, but clearly not least, is cloud computing. Ironically, many organizations that are cloud-opposed actually use cloud applications every day. To this point, cloud application threats haven’t been prominent in healthcare. But smart healthcare organizations have their ducks in a row if and when there are security vulnerabilities. Whether an off-premises server is hacked is out of their control, but having a business associate agreement in place that ensures their cloud provider, also a business associate (BA), is just as responsible for loss of data can add peace of mind. For example, read here why University of Colorado Health (UCHealth) decided to deploy Microsoft 365, which is essentially a set of hosted versions of Office’s server platforms offered as Software as a Service (SaaS).