avatarDr. Preeti Singh

Summary

The website content discusses the critical need for robust cybersecurity measures within the healthcare sector to protect against a growing number of cyber threats, including ransomware attacks and data breaches, which can compromise patient safety and sensitive information.

Abstract

Healthcare organizations are increasingly targeted by cyber attackers due to the valuable and sensitive nature of the data they handle. The article underscores the severity of cyber threats in healthcare, citing numerous ransomware attacks during the COVID-19 pandemic that led to significant disruptions in patient care. It emphasizes the importance of cybersecurity in safeguarding both patient data and medical devices connected to the Internet of Things (IoT), which are particularly vulnerable due to a lack of standardized security protocols. The healthcare sector's significant contribution to national GDPs and the complex network of specialized systems, such as EHRs and IoT devices, further underscore the need for comprehensive security strategies. The article suggests that maintaining cybersecurity in healthcare facilities requires a multifaceted approach, including staff awareness and training, incorporating safety measures, and establishing interdisciplinary security teams.

Opinions

  • Elizabeth Butwin Mann states that cybersecurity is no longer a back-office issue but a widely recognized concern that affects everyone, including patients, healthcare providers, and vendors.
  • The article implies that the healthcare sector's rapid adoption of IoT devices has outpaced the implementation of adequate security measures, leaving systems vulnerable to attacks.
  • There is a consensus that the healthcare industry is a lucrative target for cybercriminals due to the potential for high financial gains from ransom demands and the sale of stolen patient data.
  • The article advocates for regular cybersecurity training for medical staff and the adoption of stringent security protocols to mitigate the risk of attacks.
  • James Scott is quoted emphasizing the urgent need for improved "cyber hygiene" within the health sector to prevent data breaches and protect patient information.

CYBER SECURITY|HEALTH CARE

Health Care And The Need For Cyber Security

How do we stop attackers?

Photo by FLY:D on Unsplash

Cyber security for health care?

Do we need security for health? Why? Let me answer this question. One of the leading cyber security and health professional states

“Cyber has become dinner table conversation. Every executive knows that cybersecurity is an issue. Our parents and grandparents know that cybersecurity is an issue. It’s not a hidden back-office topic anymore.”- Elizabeth Butwin Mann,

More than healthcare providers were victims of ransomware attacks in 2020 during the covid-19 pandemic. Ransomware attacks had resulted in EHR downtime, ambulance diversions, and appointment cancellations. ransomware continues to be one of the biggest threats to the healthcare sector in 2021.

Medical devices and the networks that they operate have also been exposed to cybersecurity risks. Many devices were portable or implanted in a patient. This created a lot of difficulties in tracking all the devices on its network and the cyber attackers has a field time during the covid period.

The estimate of the Centers for Medicare and Medicaid in the USA is that health care spending accounts for 18% of the nation’s gross domestic product, or about $3.5 trillion. Around the world, the estimates are quite similar for the health budgets of other countries.

Healthcare organizations have various types of specialized hospital information systems such as EHR systems, e-prescribing systems, practice management support systems, clinical decision support systems, radiology information systems, and computerized physician order entry systems to name a few.

They also have devices that use the Internet of Things. Some of them are smart elevators, smart heating, ventilation, and air conditioning systems, infusion pumps, and remote patient monitoring devices

The Internet of Things (IoT) is now used increasingly and cybersecurity has become a big challenge.

The IoT concept has helped the health sector with a high degree of accessibility, integrity, and availability to doctors and hospital systems. However, IoTs are often vulnerable to cyberattacks due to a lack of security standardizations and requirements.

Attackers can leverage against IoTs if they hope to gain from the attack.

Who are the healthcare stakeholders? These are primarily patients, workforce, vendors

When can cyber-attacks take place in Healthcare systems? Health care facilities have a lot of sensitive data of patients stored in systems. Once the data reaches the system of the health care organization, they become responsible for protecting private financial and medical information about their patient, employees, and vendors. They also have to be careful to protect valuable intellectual property in case they have it.

Attacks can take place when medical staff is not trained to operate the security systems or when equipment is transferred to another unit. Hospitals have a large number of people working together. It may consist of staff, doctors, and nurses. They are often running from one end to the other for patients’ needs.

Since there are too many fast activities happening in a hospital or a private clinic often the people working there compromise their networks with visitors without knowing their credibility. Data can be stolen with lax in their security system. This happens because they are not aware of the risk that they are exposing themselves to and compromising the security of their internet-equipped digital devices.

Private patient information is easy for attackers because at one go they can make a lot of money by asking for a ransom. Hospitals are attacked because they store the detailed data of people. Hackers can sell it easily so it is important for hospitals to keep their information secure.

How should hospitals safeguard from cyber security attacks?

The most important manner in which cyber security can be maintained in a hospital is to be very clear that security is very important and so have an awareness meeting for the staff from time to time.

  • Clear message: By giving a strong clear message to the staff to keep data with utmost care. Meetings have to be held with a senior executive to keep strict discipline and control.
  • Incorporating safety measures: By incorporating safety principles through standardizing and simplifying equipment, supplies, and processes a certain degree of cyber security can be maintained.
  • Training programs: Establishing interdisciplinary teams and training them in departmental and interdepartmental security.

Types of attacks reported in the health care sector

  • Ransomware.
  • Data Breaches.
  • DDoS Attacks.
  • Insider Threats.
  • Business Email Compromise and Fraud Scams.

The takeaways

The takeaways are the following:

#1. There are several threats to cyber security in the health sector as they have large volumes of data stored with them. The attackers find it more lucrative to steal hospital data rather than credit cards as they can get a mine of wealth and attackers can make money easily.

What should be done? Special care must be taken to protect the data by ensuring discipline and control.

#2. The attackers will continue to attack and that cannot be stopped because they look towards their advantages of earning money. Even during the pandemic they did not care at all and continued attacking the health sector.

How to make it secure? systems should be sound so that the attackers can be stopped when they actually hit and will remain only a threat without affecting millions of people.

#3Apart from ransomware attacks there was a risk exposed towards medical devices security in 2021 that impacted patient safety. Systems were being accessed remotely and the staff was not fully trained and sometimes innocently gave away data to strangers.

What is the remedy? Staff should be given training from time to time in using the systems carefully both within the department and interdepartmental. This is extremely important in the coming years.

Conclusion

Do not trust visitors and outsiders in a hospital and expose any data. Data leaks often happen with carelessness.

Remember every click is important. Only use trusted sites. If an attack happens we will lose all our data to the benefit of the attacker.

The health sector should be doubly careful as it is entrusted with the responsibility of people and society at large.

The future of the health care sector to thrive is to stop cyber crimes by being cyber security safe.

“The health sector is in desperate need of a cyber hygiene injection” ― James Scott.

I would like to recommend the article of Brajendra Kumar on Cyber Security awareness month- A reminder for every click

©Dr. Preeti Singh, 2021.

Healthcare
Cybersecurity
Future
Technology
Ransomeware
Recommended from ReadMedium
avatarAlexander Nguyen
The resume that got a software engineer a $300,000 job at Google.

1-page. Well-formatted.

4 min read
avatarJohn Gorman
Stop Wasting Your Time

A Simple Framework for Making Better Decisions

13 min read
avatarmo9khu93r
0 Click — Account Takeover | Bug Bounty

Vulnerable Forgot Password

2 min read
avatarSufyan Maan, M.Eng
What Happens When You Start Reading Every Day

Think before you speak. Read before you think. — Fran Lebowitz

6 min read
avatarHazel Paradise
How I Create Passive Income With No Money

many ways to start a passive income today

5 min read
avatarLove Sharma
System Design Blueprint: The Ultimate Guide

Developing a robust, scalable, and efficient system can be daunting. However, understanding the key concepts and components can make the…

9 min read