The future of health is dependent on strong cybersecurity

19 Nov 2020

Image: © adam121/Stock.adobe.com

While advances in tech could transform the future of the healthcare industry, increasing cyberattacks could hold it back.

Click here to view the Future Health Week series.

If we have learned anything about the future of health – and, really, the future of anything – it’s that it is going to involve massive amounts of data.

Earlier this week, Siliconrepublic.com published an interview with bioethicist Dr Marielle Gross about the ethical implications of using patient data as we move into a more advanced healthcare industry.

But it’s not just the ethical use of data that we have to think about in this new age of information, it’s the actual security of that data. While the beginning of the pandemic resulted in a sharp increase in cyberattacks around the world, hospitals in the US have experienced waves of attacks in recent months.

According to a study featured in USA Today, ransomware attempts increased by 50pc in the third quarter of 2020 compared to the first half of the year, and hospitals and healthcare organisations were the hardest hit.

In October alone, the US Department of Health and Human Services (HHS) tracked more than 40 security breaches labelled hacking or IT incidents at hospitals and other healthcare organisations. Since the HHS only requires organisations to report breaches of health information that affect more than 500 people, the total numbers are likely to be even higher.

Jeff Brown, CEO of cybersecurity service company Open Systems, said that while cybercriminals have targeted healthcare organisations for years, the pandemic has essentially expanded their attack surface.

“They are currently taking advantage of the thousands of healthcare workers in human resources, accounts payable and other departments who are working from home due to the pandemic,” he said.

‘An impenetrable perimeter is a fine goal, but it just doesn’t work in the real world’
– JEFF BROWN

“Cybercriminals see all these employees remotely connecting to the applications and data they need to do their jobs as a tremendous opportunity to slip in unnoticed to penetrate hospital networks, hijack accounts and access potentially priceless data.”

However, while the global pandemic has undoubtedly exacerbated the challenge of cybersecurity within the healthcare system, it’s not exclusive to Covid-19. Brown said emerging technologies and increased use of smart devices at hospitals can lead to new vulnerabilities.

“The proliferation of internet-connected CT scanners, ultrasound machines and other smart devices are potential entry points for savvy cybercriminals. While undoubtedly useful, these devices will greatly expand a hospital’s attack surface, so preventing them from being compromised will become increasingly important.”

Preparing for the worst

As medical research becomes more advanced and emerging technologies become more widely adopted, the sheer amount of data within the healthcare industry is set to skyrocket.

According to a report published in the Journal of Big Data, various sources of big data in this sector include the usual suspects of hospital records and medical exam results, as well as information stored on IoT medtech devices and biomedical research data.

“There are various challenges associated with each step of handling big data, which can only be surpassed by using high-end computing solutions for big data analysis,” it said. “Organisations must choose cloud partners that understand the importance of healthcare-specific compliance and security issues.”

Aside from the sensitive nature of health data, healthcare breaches are considered the most expensive form of data loss according to a recent report from IBM.

‘The success cybercriminals have had to date only encourages them to continue their attacks’
– JEFF BROWN

While prevention is always better than cure, hospitals and healthcare organisations alike will need to ensure there is a plan in place for when ransomware attacks do happen, rather than simply hoping their security barriers are strong enough to prevent every attack.

“There needs to be acceptance that eventually all organisations will experience successful breaches,” said Brown. “An impenetrable perimeter is a fine goal, but it just doesn’t work in the real world.

“Recognising this, hospitals should focus on response and remediation at least as much as on prevention, because the sooner a threat is detected the earlier it can be contained and damage either prevented or at least minimised. This is crucially important in the case of a ransomware attack, which can cripple a hospital if successfully executed.”

In line with general security advice that has been given since the beginning of the pandemic, training and educating staff about the importance of good security hygiene is one of the key places to start, particularly for those who are working remotely.

“It’s clear that hospitals need to do more to protect themselves, their patients and even their own employees because the success cybercriminals have had to date only encourages them to continue their attacks,” said Brown.

“Continuing their DIY approach to cybersecurity may not be good enough for most hospitals given the costs, the global shortage of security professionals, the growth of their attack surfaces, and the increasing number and sophistication of cyberattacks.”

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com