While we’ve always leaned on the healthcare system in our most trying time, in 2020 the need for healthcare has become even more profound.
But at the same time, in the back of our mind we’ve been wondering how secure hospitals and other healthcare facilities are from cyber threats.
The pandemic has proved to be rather lucrative for cybercriminals and to ignore the beating heart keeping the economies of the world alive right now could be a mistake.
This is why chief information security officer (CISO) at BT, Bryan Fite has urged the healthcare and life sciences (HLS) sector to safeguard its digital assets.
The CISO notes that he has seen rapid digital transformation in the sector and while it is encouraging, it’s also worrying.
“As I see so often, digital transformation at this scale and pace exposes processes, systems and partnerships to new cyber security threats. Security that isn’t designed to keep up with these rapid developments will either hold the sector’s transformation back or, worse, expand the organisation’s attack surface, leading to data breaches or non-compliant outcomes in this heavily regulated sector,” says Fite.
While the theft of intellectual property is naturally a concern for all sectors, especially the HLS sector, we’d argue that the data that flows through those organisations is perhaps more valuable to a ne’er-do-well.
BT’s CISO says that its clients handle a “significant” amount of sensitive data and while you might not think a patient’s drug schedule is important, it can be.
“The information passing through HLS organisations is more lucrative to cybercriminals than credit card data and includes patient records used in clinical trials and individual patient data collected by IoT-enabled medical devices,” says Fite.
“And the rules governing drug safety, supply chain security, patient privacy, and other sensitive information are complicated, so it is important security systems are carefully created. What’s more, as many HLS organisations operate internationally, multiple regional regulations can apply at different points in the supply chain. A regulatory breach can be just as damaging to an organisation as a cyberattack, so compliance needs to be a high priority for the sector,” the CISO adds.
With the Protection of Personal Information Act coming to the fore since July, this is more important than ever for local organisations in the HLS sector.
But where does one start?
According to Fite, the network is a decent starting point when addressing and assessing risk but, it also can’t be a hassle.
Of course this means striking a balance as accessibility and security aren’t often seen together in the same sentence.
“I believe that a policy of zero trust is the appropriate approach, so that every device, end point or access point into the network is regarded as a possible threat vector that needs to be protected,” explains the CISO.
At this point we want to highlight that when Fite says every device, he means every device. If it has an IP address and it connects to the internet, it must be secured.
While it was produced a few years ago, the short film below produced by HP Studios showcases just how dangerous a hospital can be if not secured properly.
But more than the network and the IoT devices in the hospital, employees will prove to be any organisation’s downfall.
“I think that it’s crucial that people in the sector are regularly upskilled so as new devices, systems and process are introduced, they can continue to prioritise security and keep data secure and stakeholders safe,” says Fite.
We have to agree there, when it comes to keeping healthcare workers safe, we urge you to remember that goes for their online health as well.[Image – CC 0 Pixabay]