5 tips for fighting cybercrime

Noted security expert shares insights on safeguarding sensitive data
By Eric Wicklund

If you want to know how well a health system is protecting against cybercrime, you would have better luck talking to the criminals than asking the C-suite.

That's according to noted security expert Brian Krebs.

Speaking to a roomful of IT executives at the Gartner Symposium, Krebs said CIOs – including those in the healthcare industry – aren't doing a good job keeping the enterprise up to date on cyber threats, and that those looking to steal and make a profit from health information are much more informed, PC Magazine reported.


Krebs offered five tips for fighting cybercrime:

  1. Network segmentation: Make sure only those who need to see sensitive information have access privileges.
  2. Dedicated incident response team: Set up a chain of command in the event of a breach, with roles clearly defined. In short, expect a breach, and plan accordingly.
  3. Teach with breaches: Show staff what happens when a breach occurs, reviewing how other breaches have occurred and how they could have been avoided, so they're dealing with concrete examples rather than invented scenarios.
  4. Drill your breach response: Practice often, so staff instinctively know what to do if/when something happens.
  5. Include partners: With reports indicating as many as one-third of all healthcare data breaches are caused by vendors, it's wise to invite them and all others to the party.

While Krebs' talk wasn't specific to healthcare, his advice rings true for an industry struggling with privacy and security issues. And the advent of mobile technology, both inside and outside the health system, only increases the avenues where hackers might get in and the opportunities for negligent or inadvertent data loss.

As he noted, executives can choose computer networks that are secure, fast or easy to use – but not all three at the same time.
