Cybersecurity tips to prevent healthcare organizations from having to swallow a bitter pill

According to Aruba’s new global study ‘The Internet of Things: Today and Tomorrow’, 87 percent of healthcare organizations will adopt Internet of Things (IoT) technology by 2019. The pull of IoT is so strong that 76 percent believe the technology will transform the industry. In Singapore, the fast aging population means that healthcare facilities will soon be tested. It is estimated that 30,000 additional healthcare professionals will be required by 2020 to cater to the rising demand for healthcare services. Transitioning to a technology-driven model may be the most efficient solution to address this manpower challenge. Singaporeans are open to this with a survey conducted by Accenture showing that 57 per cent of the surveyed are willing to adopt technology to improve their healthcare experience. While the transition towards a future healthcare model—one that embraces a technology-driven approach to better meet the demands of diverse region—bodes well, it is a horror show waiting to happen when seen from a cybersecurity point of view. According to Frost & Sullivan, Asia Pacific’s healthcare IT market is expected to reach $12.6 billion by 2020, as innovations such as telemedicine, remote monitoring and activity trackers show their value in enhancing the way healthcare professionals meet patient needs. Unfortunately, the significant monetary potential in healthcare IT is also attracting the unwanted attention of cybercriminals who, armed with tricks ranging from phishing schemes to ransomware, are ready to attack. This shows in the numbers: 89 percent of healthcare organizations have already suffered an IoT-related security breach, while 49 percent of them have struggled with malware. Human error and Distributed-Denial-of-Service (DDoS) also continue to be concerns. As hackers begin to deploy intricately planned targeted attacks, whether by breaching confidential systems or attacking websites, these can cause healthcare organizations to come to a standstill—and in the worst cases, endanger patient well-being. The repercussions of poor cybersecurity planning can be a bitter pill for healthcare organizations to swallow. Just recently, the global ransomware attack WannaCry brought down Britain’s National Health Service, as well as hospitals in China, Indonesia and Japan, by preventing healthcare workers from accessing patient records, resulting in canceled appointments and delays in emergency operations. So how can healthcare organizations protect themselves from cybercriminals? Here are six proactive measures or ‘vaccines’ that healthcare organizations can take to guard against cyberattacks:

1. Know what connected devices are up to

In an environment where patients use mobile devices and healthcare workers track medical processes, having IT know which devices are connected to the network and what they are used for helps to weed out possible vulnerabilities that hackers might successfully exploit.

2. Separate Wi-Fi access for patients and families

As the number of devices connecting to an unsecure network increases, it is important to introduce policies to segment guest traffic from hospital traffic to ensure that data is being accessed by the right people, while at the same time limiting exposure to threats.

3. Improve day-to-day digital hygiene

With the increasing need for digital convenience, users are becoming sloppy with cybersecurity just to save a few extra seconds. Remember that prevention is better than cure; so make sure to perform endpoint health checks and ensure that laptops are fully compliant with internal requirements. In addition, always check for the latest software patches and updates before allowing devices to connect to the network.

4. Have a comprehensive approach to cybersecurity

Accessing patient information on personal or hospital-issued devices is becoming commonplace, so ensuring that these devices are configured with the appropriate permissions are key. Simple parameters such as user roles, devices, location, application usage and time of the day can help manage these connections.

5. Partner with the experts

Any outage in technology can potentially lead to fatal consequences. Having partnerships with the right technology companies will go a long way in building a secure yet comprehensive ecosystem of medical devices and healthcare apps that are always ready for the needs of both patients and staff.

6. Establish a security culture

Even a single user can cause an entire organization to shut down by accidentally giving the wrong people access to the organizations networks. Make sure that all employees are guided on how to recognize suspicious emails, corrupted files, unsecure websites, and other red flags. Equipping everybody with best practices and know-how can eliminate many easy points of entry for cybercriminals. According to a report by Accenture, cyberattacks could cost the healthcare industry over USD$305 billion over the next five years, with an estimated one in 13 patients’ medical records being compromised. As technology rapidly transforms the healthcare experience into a positive one, the security of devices, critical care applications, and patient data should be prioritized. The above tips can help healthcare companies strengthen their security posture and focus on meeting the needs of those who matter most – their patients.