Healthcare entities and employees ‘must overcome cybercrime’
Boasting world-class data protection capabilities has never been more essential for companies across industries. While tremendous cyber security advancements have been made, unprecedented transformation has inadvertently instigated significant rises in ransomware attacks. Select sectors and organizations within are strategic targets now more than ever – and healthcare is a primary area of interest to hackers.
Kingston Technology, an affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, is calling on healthcare entities to enhance their preparedness and prevent unauthorized access to confidential information.
With the collective healthcare community experiencing a sharp increase in breach attempts, Kingston Technology insist that the very latest hardware encrypted products can prove invaluable for safeguarding Protected Health Information (PHI).
“Cybercrime is one of the most pressing and concerning issues healthcare must manage and overcome – now and in the future,” explained Antoine Harb, Team Leader, Middle East and North Africa, Kingston Technology. “New threats are emerging continuously and the sector has never been under greater pressure to prevent breaches. Hackers have identified the value of compromised healthcare data. The volume of attacks is increasing substantially and this is major cause for concern.
“However, healthcare entities are well aware of the potential legal and reputational consequences should PHI be compromised,” explained Antoine Harb, Team Leader, Middle East and North Africa, Kingston Technology. “From the very top levels of leadership down, we see a real determination to repel these threats, which is warranted and prudent given the cost implications of failing to meet data protection rules, regulations, and requirements.”
For healthcare entities, the reality is clear: PHI must be protected at all costs. The 2023 IBM Cost of Data Breach Report provided a stark illustration of the consequences should PHI be compromised, highlighting the average cost of a healthcare data breach globally reached $10.93 million in 2023. This was the highest among all industries and represents a drastic increase of 53.3% in just three years.
In the Middle East, the cost implications are not far behind, reaching $9.186 million this year. This is higher than regional record-high average of $8 million including all sectors.
“While critical to the sustainable operation of all healthcare facilities, PHI is in high demand on the black market,” continued Harb. “Breaching hospital or other healthcare facility systems and acquiring such sensitive and classified information represents an opportunity for malicious actors to receive significant sums of money and meet their cyber-business objectives. As a result, cyber attacks are on the rise. They are being experienced with record frequency and adequate protection is a non-negotiable necessity.”
A standout example highlighting the need for adequate projection transpired in 2021 when the Dubai Moorfields Eye Hospital experienced a cyberattack. Ransomware group ‘AvosLocker’ claimed responsibility after 60GB of data was stolen, compelling the hospital to contact affected patients as various forms of PHI were decrypted.
However, fast-forward to 2023 and many healthcare entities could experience similar infringements given outdated security measures. Earlier this year, a credible report found that 72% of top hospitals in the UAE and Saudi Arabia are falling behind on basic cybersecurity measures, with only 28% boasting the required level of protection[1].
Furthermore, the professionals within healthcare facilities are also liable for safeguarding PHI. As per the Health Insurance Portability and Accountability Act of 1996 (HIPAA), they are bound by law to protect PHI from being disclosed without patient knowledge or consent.
Aside from criminal penalties including prison sentences and/or substantial fines when disclosed intentionally, violating HIPPA rules and regulations unintentionally can also be costly. For instance, a maximum fine of $25,000 per year can be issued if an individual was unaware that they were committing a violation.
Kingston Technology is adamant in its stance that password-protected, hardware-encrypted USB drives are the best, most secure method for meeting data protection regulations and operating with world-class data defense. Forged to be secure, the company’s Kingston IronKey product line caters to healthcare entities of all kinds – ensuring the necessary protection to dispel cyberattacks.
Among those most prudent for healthcare sector organizations is the Kingston IronKey D500S hardware-encrypted USB flash drive, which features flagship military-grade security that makes Kingston IronKey the trusted brand to safeguard classified information. A complete security solution for high-value data protection, data is encrypted and decrypted on the D500S without any trace left on the host system and offers more features than any other drive in its class.
Others include drives from the Kingston IronKey Keypad 200 series, which are OS-independent, hardware-encrypted USB Type-A and USB Type-C drives with an alphanumeric keypad for easy-to-use PIN access. The KP200 incorporates XTS-AES 256-bit hardware-based encryption and boasts enhancements that further raise the bar for data protection. Its circuitry is covered by a layer of special epoxy that makes it virtually impossible to remove components without damaging them, and the drive is designed to be tamper-evident to alert owners.
“Healthcare entities and their employees must protect the data they are entrusted with,” added Harb. “Whether intentionally or accidentally, failure to meet this requirement can entail severe repercussions, which can be avoided with assistance for the latest innovations available on the market.”