This blog was written by an independent guest blogger.
A recent attack on a hospital in Brno, Czech Republic (a COVID-19 testing center) showed the extent to which weaknesses in a health center’s cybersecurity system can endanger the lives of patients. During this attack, patients had to be redirected to other hospitals and vital surgeries were postponed - all during a time in which vital testing needed to be carried out and releases needed to be sped up. A study published in the journal Technological Health Care by CS Kruse et al. has found that “The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data.” It is vital, warn the researchers, to invest time and funding in protecting healthcare technology and in ensuring the confidentiality of patient information.
Time is of the essence in healthcare
Cybersecurity attacks interfere with vital work undertaken in the health sector - for instance, when ransomware makes crucial data inaccessible. Cyber attacks also lengthen already excessive waiting times, clogging systems during health crises such as the current COVID-19 pandemic. A recent article in The Guardian revealed that in many American hospitals, health insurance authorization can take days, leaving patients stuck in the hospital at a time when beds are needed. Some groups in particular - including military veterans - have coverage for which authorization can take time. This is because not all vets are covered by TRICARE or the Veterans Health Care Program. If they have a high enough disability factor, they may be enrolled in different benefits plans than those without disabilities. Bureaucratic requirements can also vary depending on the institution and its verification requirements.
What are the most common attacks on the healthcare sector?
Attacks on hospitals and other centers that obtain and record data include ransomware attacks and (currently) COVID-19 themed phishing attacks. Healthcare professionals such as nurses and doctors - who have access to a wide array of data - are often the target of phishing scams. The new importance of remote work has also led to big weaknesses in security systems, with individual home systems often lacking the safety features that in-hospital systems rely on daily. Threats also include cloud threats owing to the lack of proper encryption, misleading websites that are similar to trustworthy sites, employee errors (weak passwords and failure to comply with security protocol), and blind spots in encryption systems.
Crucial steps for health organizations
To combat these attacks, healthcare organizations need to adopt optimal centralized security with enhanced detection and response. They also need to review current security systems to spot potential weaknesses and take into account all aspects of current operations - including employees’ wearable devices, smartphones, cloud sharing systems, and the like. Health organizations must ensure that any devices connected to the online world use a firewall and rely on top-grade anti-virus software. Network access should be limited, as should physical access to systems containing sensitive data.
Staff training is vital
Health organizations also need to invest in creating a secure culture, with regular, updated training for staff. Staff should be asked to install crucial software and to use firewalls on any remote devices used for work purposes. They should additionally know how to set safe passwords, and how to use key software. Education on the danger of using public WiFi is key. Finally, staff should be instructed not to install any software or applications that are not specifically authorized by the organization.
During crises such as the current pandemic, cybersecurity is more important than ever. Recent attacks show the extent to which ransomware and other attacks can delay patient treatment and release - and right now, when beds are scarce and staff are under great stress, this type of attack is something hospitals simply cannot afford. Maintaining good computer habits, training staff, and investing in good cybersecurity software are key, as is making backups to ensure that staff can always access key patient data.