How Healthcare Can Protect Against Cyber Threats | Hospitals
One of the most fundamental lessons from the COVID crisis is that health should always be a priority. Like the human body, which frequently battles viruses and foreign invaders that intend to harm it, the sector itself is now a prime target for another type of external threat: cyber attacks.
The figures speak for themselves: between December and January of this year, UK hospitals were at 89% of capacity, with 7,000 fewer beds available than usual. As the pandemic increased pressure on hospitals, clinics, and research centers to create treatments for patients around the world, it left the industry exposed to hackers who, like a virus, relentlessly target it and evolve their tactics.
From patient records held for ransom to fake emails claiming to be from the UN, WHO, NHS or vaccination centers, to attacks on the cold supply chain to uncover the secret formula of the COVID vaccine, the healthcare industry faces constant cyberattacks and struggles to cope. This threat is unlikely to go away anytime soon – and as such, the industry needs to take a proactive and preemptive stance to stay safe in a dynamic digital world.
The responsive nature of healthcare – especially hospitals – means efficiency is crucial to industry standard operations. To support this, the industry has adopted technological advancements that can improve the quality of work, enable staff to meet pressing deadlines, and improve patient care. For example, the industry has digitized documents and improved its working methods by digital means in recent years.
This change is essential to provide high quality patient care, yet it also means that the industry has become more dependent on IT, which can pose a risk if the cybersecurity processes employed are found to be inadequate.
Without the proper safety measures in place, the efficiency gains achieved can be lost in the blink of an eye. Put simply, a basic problem in the system can have a huge ripple effect on many areas, from accessing patient records and performing analyses, to maintaining physical security and protecting intellectual property for the development of experimental treatments.
To avoid this, healthcare organizations need to ensure that they consider cybersecurity as part of their overall digital transformation strategy and that they lay the right foundation to create a culture where safety goes hand in hand with patient care.
Reinforcement of defenses
Before implementing a cybersecurity process, healthcare facilities should assess the potential risks they face. Depending on how much confidential data is held, where it is stored, who has access to it, and by what means, the cybersecurity strategy and associated solutions will change.
It’s fair to say that a medical device startup where all employees have a company-approved laptop and access data through a VPN will have drastically different needs than a large hospital with hundreds of frontline workers connecting to hospital Wi-Fi using their devices.
These requirements will pale in comparison to those of a global pharmaceutical giant with offices in multiple locations, a large R&D department researching new treatments for complex diseases, and a fully integrated supply chain. Considering the existing configuration and what the organization seeks to achieve with its digital transformation strategy will therefore have an immediate impact on the cybersecurity strategy.
Despite this, there are fundamentals that any organization must implement:
Review and test your backup policy to make sure it is complete and sufficient – By verifying that the organization’s backup is functioning properly, IT teams can limit the risk of disruption in the event of an incident and permanent loss of data.
In our recent State of Email Security report, we found that six out of ten organizations were victims of ransomware in 2020. As a result, affected organizations lost an average of six days due to downtime. A third of the organizations even admitted that they had failed to recover their data despite paying the ransom. In the healthcare industry, this could mean the loss of valuable patient records or data related to new treatments – two areas in which the industry cannot afford to be cavalier.
Demonstrate due diligence throughout the organization’s supply chain – Healthcare organizations need to review how they work with partners, providers and regulatory institutions to avoid any weak links in their cybersecurity chain. Without this due diligence, organizations are exposed to the risk of incidents caused by third parties.
Deploy mandatory cybersecurity awareness training – Healthcare organizations should not neglect training and awareness raising for all their staff, including frontline workers who may not have regular access to the company network. According to our State of Email Security report, only a fifth of organizations provide ongoing cybersecurity awareness training.
This suggests that it is not widely viewed as a fundamental part of most organizations’ cyber resilience strategy, despite the fact that many employees depend on their organization’s corporate network for work. By providing systematic training, healthcare organizations can help workers at all levels better understand the current cyberthreats they face, their potential impact on their organization, and the role they play in defending networks, and help them develop good cybersecurity hygiene habits to limit the risk of incidents.
Consider a degree of separation – Information technology and operations networks (IT and OT) must be separated.
Although the two networks support and depend on each other, employees should not be able to access one from the other. This should be complemented by a proven contingency and resilience plan that keeps essential services running unabated when compromised. Likewise, administration terminals should not have access to the Internet, which provides a degree of hardening and protection for these critical accounts.
As the industry becomes a common target for fraudulent and malicious activity, it is essential to place cybersecurity at the heart of the organization’s operations. This will help limit the risk of disruption from cyber attacks, reduce the time spent by the cybersecurity team resolving easily preventable errors, and ensure that facilities can provide patient care knowing their networks are secure.
Combat future threats
As technology continues to change the face of health, the attack surface and vectors available to malicious actors continue to increase. With the introduction of applications, networked surveillance devices, and a need for communication, the attack surface continues to expand, a trend that must be monitored and defended against.
To avoid harm to patients, staff or the organization for which they are responsible, healthcare leaders must place safety at the heart of their digital transformation strategy. Only then can the industry fully harness the benefits of technology. This should include implementing cybersecurity awareness training to challenge misconceptions about security, encourage conversation, and ensure employees know the basics of security and the threats they face.
This ultimately enables healthcare organizations to do what they do best – provide the best patient care, knowing their operations, patients and data are safe.