The healthcare industry is quickly becoming a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals impacted since the federal tally commenced in 2009. While there was no large breach last year, such as the Anthem Blue Cross 78.8 million records breach, the number of breaches continues to increase. Hospitals are known to be a soft target, making it easy for hackers to gather large amounts of patient data in a single hacking effort.
As cyberattacks and Internet threats continue to rise with the use of web-based healthcare portals and remote patient mobile technology, managing security and compliance across a distributed healthcare organization becomes a daunting task. A typical healthcare patient record includes name, address, social security number, birthdate and health history. With such a wide range of personal data, a bad actor can open credit accounts or apply for medical care. While a person’s financial identity can be fully restored, healthcare data breaches have a much more personal and longer-lasting impact on victims.
In the end, the attacker’s ability to monetize is predicated upon either disrupting operations or stealing data. A data and application security solution provides the tools to protect your site and specifically to protect the privacy of patient records. These solutions protect the healthcare site from hackers who attempt to breach or disrupt the site and also provide protection to safeguard patient data.
HIPAA and PCI regulations require that you protect patient health and financial data from unauthorized access and breaches. Even if an unauthorized individual gains access to the patient data, these Imperva Data Security solutions help you safeguard your sensitive data at the source across a broad range of data stores.
Databases are scanned for vulnerabilities and misconfigurations, and the vulnerabilities found are prioritized with remediation identified.
The riskiest users and assets are identified so that the most serious incidents are prioritized. You can then filter by priority and focus resources on those incidents.
Imperva Web Application Firewall (WAF), named by Gartner as a leading WAF for four consecutive years, analyzes all user access to your web application and protects patient portals and health information exchanges (HIE) from cyberattacks. It protects against all web application attacks including OWASP Top 10 threats and blocks malicious bots. It controls which visitors can access your application with traffic filtering based on a variety of factors.
DDoS protection automatically detects and mitigates attacks targeting websites and web applications. Imperva Incapsula is the only service to offer an SLA-backed guarantee to detect and block attacks in under 10 seconds. Our new Behemoth 2 platform blocked a 650 Gbps (gigabits per second) DDoS flood with more than 150 Mpps (million packets per second), with capacity to spare. Besides handling large volumetric attacks, DDoS Protection specializes in mitigating complex application layer attacks.
In addition to securing patient data, these tools enable compliance with industry data protection and privacy regulations, such as HIPAA and PCI. Compliance can be a challenge for healthcare organizations that must comply with requirements spread over a number of regulations and mandates.
Imperva solutions provide continuous automated compliance with site and data protection and advanced audit and reporting tools. Please refer to the Healthcare Cyber Security Compliance Guide to find out more about how Imperva can provide compliance with regulatory requirements for database, file and web application security.