Every acquisition of a healthcare business in the market also brings data security to the forefront because experts think there's a gap out there
Once upon a time doctors only had to manage their patient’s health. And health delivery organizations (hospitals and nursing homes) spread their workforce around healing the sick with a total focus on medical equipment, services and the rest of the nine yards. However, with healthcare going digital, the medical profession needs to worry about technology too.
From a position of accepting technology as an annoyance to their core work, medical practitioners are forced to step into the big bad world of cyber crime and its impact. The cultural chasm of treating cyber security as a must-have instead of a good-to-have by the core medical practitioners is what needs to be crossed, if the world has to sit back and relax without thoughts of their health data being misused by vested interests out there.
What has to go wrong, does so
Things took a turn for the worse during the global pandemic as healthcare professionals had to not just care for the Covid-19 patients, but also ransomware that could potentially take down the hospital, both operationally and financially. Quite a leap of faith from two decades ago when none would give thought to device security or safety of healthcare records.
Add to this, the fact that the medical devices designed and built in the good old days continue to run effectively on patients, which means replacement needs to be forced by untoward incidents. Or, more likely the need to upgrade to new devices that require a higher payout as well as more process-oriented work to secure the medical data.
What’s the way out?
In a signed article published on ET’s HealthWorld, Subho Halder, co-founder and CISO at Appknox, a provider of mobile security solutions, suggests that the industry follow some basic data security standards such as multi-factor authentication and biometric security and secure access service edge (SASE) solutions.
He says, “advances in healthcare technology allow providers to dispatch improved diagnostics and patient outcomes, ultimately giving patients better care and recovery. However, with an increased dependence on technology, healthcare cybersecurity has become equally important as attacks against healthcare institutes grow with rapid digitization.”
For some years now, discussions have revolved around the possibility of hacking into a pacemaker or an insulin pump, and it is high time that these devices are perceived for their vulnerability to hacks too.
Moreover, one thing to remember is that there are machines that can be hit by malware as well as other specialty equipment that function on a basic microcontroller. So, an easy prescription at this juncture would be to keep some of the devices off the network. If so, what then happens to the medical records of the patient, which are supposed to reduce risks to their lives?
At some future date, most of these medical devices would’ve found security solutions through the constant innovation efforts. However, till such time hospitals and nursing homes need to up their cybersecurity efforts by security their infrastructure, patching vulnerabilities and updating systems constantly.
In parallel, the CIO or equivalent at hospitals should conduct training sessions for the staff to get them aware of the real threats of cyber crime. Best practices around cyber security should be part of their training calendar, as should process orientation and data due diligence.