4 reasons why the healthcare industry is vulnerable to cyber attacks

Medical,Technology,Concept,smart,Doctor,Hand,Working,With,Modern,Laptop,Computer

Written by Ellen Dickson, Health Strategic Director, Telefonica Tech

There are many challenges surrounding cyber security in healthcare. As well as exploring the underlying reasons why healthcare in particular is vulnerable to attack, I plan to explore what-good-looks like.

 

The importance of cyber security in healthcare

For me the  healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It’s imperative that time and funding is invested now to protect healthcare technology and the confidentiality of patient information. Cyber security in healthcare protects electronic information and assets from unauthorised access, use, loss, and disclosure. It’s goal is to safeguard the confidentiality, integrity, and Availability of confidential information, otherwise known as the CIA triad. It’s becoming increasingly important now, with accelerated remote working bringing a new wave of security risks.

Earlier this year the Health Service Executive (HSE) of Ireland suffered a major ransomware cyber-attack. Many hospital appointments across the country were cancelled, EHRs became inaccessible, radiology systems went down, and the COVID-19 testing referral system rendered unavailable for a number of days. The scale of the disruption, the alarming threat to life, and repair costs estimated in the millions underscores the massive danger posed by cybercriminals and the growing necessity for stronger cyber security.

 

4 reasons why the healthcare industry is vulnerable 

  1. A Complex Supply Chain – From cleaning supplies, to CRM appointment reminder software and scanning machines, to climate-controlled transport of drugs, the healthcare system is a highly complex supply chain. This makes security practices hard to incorporate.
  2. Data Gone Digital – Digitised patient data ensures information is always accessible, up-to-date, and easily communicated. But it also makes this data an increasingly attractive target for the cybercriminals.
  3. Connected and Outdated Devices – Medical devices are increasingly connected to the internet. Doctors and nurses rely on these machines to monitor patient health and to serve as a partner in diagnosis. Each connected device offers another potential entry point for hackers.
  4. Overstretched Staff – The majority of breaches related to data privacy in healthcare are the result of employee error and unauthorised disclosure. In the already overstretched world of hospitals, it is no wonder that cyber security is not top of mind for most workers.

 

The technologies that need securing

Medical records containing highly sensitive data need to be kept private. For large records (e.g. CT scan images) the problem is doubly complicated by the size of the files being transferred and displayed.

In terms of basic cyber security, the healthcare industry lags behind other sectors like finance and manufacturing who often build their infrastructure with data security in mind. This is especially challenging given how rewarding healthcare breaches can be to hackers (personal health information is worth an average of 10 times more than financial information on the black market). Not to mention the significant risk to patient care when day-to-day functions are interrupted.

Protecting healthcare information is now a top priority for all healthcare organisations. Innovative medical devices and healthcare applications are critical to patient care, but, as seen in Ireland, we are all too often the target of cybercriminals. It is critical that manufacturers implement security by design to keep our patients and their data secure.

 

What good looks like

So how can digital healthcare leaders respond to the cyber security challenges we are facing? The NHSX, What Good Looks Like framework advises having a system-wide plan for maintaining robust cyber security and an adequately resourced ICS-level cyber security function.

Sound advice, but my experience suggests effective cyber security demands a base set of skills that an NHS, or public sector healthcare organisation isn’t necessarily well placed to deliver itself.

For this reason, many healthcare organisations are deciding to outsource security in its entirety. The Chief Information Officer of a leading NHS Foundation Trust,  describes how this approach benefitted them:

 “We had a vision for a modern system fit for 21st century medicine, but we knew to try and run this ourselves would be a mistake. Now, we have experts across different domains that the Trust previously didn’t have access to. Malware is trapped before it gets anywhere near the hospital systems and staff are protected with an “invisible layer of security” both on and off the hospital campus.”

Keeping pace with the fast-moving security landscape is vital, but also removing the immense pressure of day-to-day management can help achieve broader digitalisation goals within healthcare.


More thought leadership

Leave a Reply

Your email address will not be published.

Join Digital Leaders

By submitting your contact information, you agree that Digital Leaders may contact you regarding relevant content and events.