In the first instalment of our trends in healthcare blog series, our healthcare experts, summarise some of the challenges surrounding cyber security in healthcare. As well as exploring the underlying reasons why healthcare in particular is vulnerable to attack, they also explore what-good-looks like.
The importance of cyber security in healthcare
The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It’s imperative that time and funding is invested now to protect healthcare technology and the confidentiality of patient information.
Cyber security in healthcare protects electronic information and assets from unauthorised access, use, loss, and disclosure. Its goal is to safeguard the confidentiality, integrity, and availability of confidential information, otherwise known as the CIA triad. It’s becoming increasingly important, with accelerated remote working bringing a new wave of security risks
Earlier this year the Health Service Executive (HSE) of Ireland recently suffered a major ransomware cyber-attack in May of 2021. Many hospital appointments across the country were cancelled, EHRs became inaccessible, radiology systems went down, and the COVID-19 testing referral system rendered unavailable for a number of days. The scale of the disruption, the alarming threat to life, and repair costs estimated in the millions underscores the massive danger posed by cybercriminals and the growing necessity for stronger cyber security.
4 reasons why the healthcare industry is vulnerable
1. A Complex Supply Chain
From cleaning supplies to CRM appointment reminder software and scanning machines to climate-controlled transport of drugs, the healthcare system is a highly complex supply chain. This makes security practices hard to incorporate.
2. Data Gone Digital
Digitised patient data ensures information is always accessible, up-to-date, and easily communicated. But it also makes this data an increasingly attractive target for the cybercriminals.
3. Connected and Outdated Devices
Medical devices are increasingly connected to the internet. Doctors and nurses rely on these machines to monitor patient health and to serve as a partner in diagnosis. Each connected device offers another potential entry point for hackers.
4. Overstretched Staff
The majority of breaches related to data privacy in healthcare are the result of employee error and unauthorised disclosure. In the already overstretched world of hospitals, it is no wonder that cyber security is not top of mind for most workers.
The technologies that need securing
Medical records containing highly sensitive data need to be kept private. For large records (e.g., CT scan images) the problem is doubly complicated by the size of the files being transferred and displayed.
In terms of basic cyber security, the healthcare industry lags behind other sectors like finance and manufacturing who often build their infrastructure with data security in mind. This is especially challenging given how rewarding healthcare breaches can be to hackers (personal health information is worth an average of 10 times more than financial information on the black market). Not to mention the significant risk to patient care when day-to-day functions are interrupted.
Protecting healthcare information is now a top priority for all healthcare organisations. Innovative medical devices and healthcare applications are critical to patient care, but, as seen in Ireland, are all too often the target of cybercriminals. It is critical that manufacturers implement security by design to keep patients and their data secure.
What good looks like
So how can digital healthcare leaders respond to the cyber security challenges they are facing? The NHSX, What Good Looks Like framework advises having a system-wide plan for maintaining robust cyber security and an adequately resourced ICS-level cyber security function.
Sound advice, but our experience suggests effective cyber security demands a base set of skills that an NHS, or public sector healthcare organisation isn’t necessarily well placed to deliver itself.
For this reason, many healthcare organisations are deciding to outsource security in its entirety. The Chief Information Officer of a leading NHS Foundation Trust, and a Telefónica Tech customer describes how this approach has benefitted them “We had a vision for a modern system fit for 21st century medicine, but we knew to try and run this ourselves would be a mistake. Now, we have experts across different domains that the Trust previously didn't have access to. Malware is trapped before it gets anywhere near the hospital systems and staff are protected with an “invisible layer of security” both on and off the hospital campus."
The above example illustrates the importance of keeping pace with the fast-moving security landscape, but also how removing the immense pressure of day-to-day management can help achieve broader digitalisation goals within healthcare.
Our Healthcare Centre of Excellence
Discover how our healthcare centre of excellence is helping to meet the trends transforming healthcare, including cyber security challenges. Learn how your business can deliver exceptional outcomes through Telefónica Tech Health’s solutions.