Cybersecurity in healthcare
Possessing large IT infrastructures and vast amounts of stored personal data, organizations in the healthcare sector are a common target for cybercriminals. The WannaCry and NotPetya ransomware attacks that hit the healthcare industry in mid-2017 highlight the high level of disruption that malicious attacks can cause for hospitals, health trusts, GP practices, and other healthcare bodies.
Common cyber security challenges in the healthcare sector include:
• Protecting large, often antiquated IT estates
• Juggling conflicts between service efficiency and patient confidentiality
• Keeping up with continuous workplace digitization
• Working with limited public funding and competing IT priorities
• Educating staff about cyber security risks
Key security questions for healthcare providers
Key security questions organizations in the healthcare sector should be asking:
• What is our organization doing to protect data on mobile devices?
• What is being done to monitor and protect against insider threats?
• Have risk assessments been extended to third-party vendors?
• Where are the weaknesses in the networks and EHR systems?
• Are suitable controls in place to prevent sophisticated threats?
• Are systems able to identify threats that bypass the perimeter?
• Is there a plan in place to detect, remediate and report breaches?
• How regularly are systems backed up to mitigate ransomware?
• Are staff sufficiently trained about cybersecurity risks?
• How is the personal data of patients processed and protected?
Cybersecurity compliance in healthcare
Achieving HIPAA and HITECH compliance is important, but these requirements are mere baselines for securing Protected Health Information (PHI).
Information technology is a core component in delivering quality healthcare. Electronic Health Records (EHRs) and telemedicine help enhance patient care, improve public health, streamline billing, and lower healthcare costs. As with all advancements in technology, however, information security risk is quick to follow. Attackers are keen on leveraging vulnerabilities in new technologies to exploit PHI.
The benefits of these technologies can certainly outweigh the potential risks, but hospitals, pharmacies, clinics and physicians, pharmaceutical manufacturers, and medical device makers must be prepared to assess and mitigate security risks to protect PHI.