Cyber care for healthcare industries

Issue 2 2021 Healthcare (Industry)

From Hurricane Katrina to earthquakes in Japan, cybercriminals have long used crisis situations to further their own agendas. Regrettably, the COVID-19 pandemic is the latest to be exploited with organisations across healthcare industries, from hospitals to clinics, laboratories and pharmacies finding themselves in the crosshairs.

Lehan van den Heever.

In recent months, there have been numerous cyberattacks on these organisations around the world. Given that this pandemic will likely continue for some time, these threat actors will likely continue to exploit the situation.

Even prior to the pandemic, healthcare industries proved to be attractive targets. Last year, Kaspersky conducted a survey among healthcare sector employees in the US and Canada that revealed nearly a third of all respondents (32%) had never received any cybersecurity training from their workplace. Furthermore, one in ten employees in management positions also admitted that they were unaware of a cybersecurity policy in their organisation.

Lucrative industry

Our research into underground forums has shown that medical records are sometimes even more expensive than credit card information. This can partly be ascribed to how it opens potentially new methods of fraud: armed with someone’s medical details, it is easier to scam the patient or their relatives. Additionally, the number of attacks on medical facility devices in countries that are just starting the digitalisation process in the field of medical services will continue to grow. It is especially hospitals in developing countries that will be targeted.

Today, cybercriminals are usually looking to gather sensitive or scientifically significant information and either hold it for ransom or sell it on the black market. State actors have also launched attacks against healthcare organisations for purposes of intelligence gathering. Nevertheless, regardless of the reason, it is important that these healthcare organisations practice increased vigilance because any type of attack could interfere with them being able to provide critical care for their patients.

Continuity of operations and data protection are extremely critical for healthcare organisations. This is more so the case today with the sector under extreme pressure. For hospitals and medical institutions, it is important to ensure the stability of medical equipment and that data is constantly available for personnel, while also protecting the privacy of their patients’ critical information.

The reality is that hospitals and research labs generate and house assets that have a high value not just for stakeholders, but cybercriminals as well. Disruption to healthcare services may have a devastating impact on patients’ health and the ability for healthcare workers to carry out their roles effectively. Furthermore, a cyberattack, regardless of its nature, will damage credibility if disclosed to the public.

Best practice

There are several cybersecurity best practices available that healthcare organisations must adopt if they are not doing so already.

Schedule basic security awareness education for both medical personnel and administration employees that cover the most essential practices such as passwords and accounts, email security, use of USB devices, PC security, and safe web browsing. Healthcare providers should also review their existing cybersecurity solutions and ensure they are up to date, configured properly, and cover all employees’ devices. Even something as basic as using a firewall can make a massive difference to the environment.

Facilities must ensure all medical devices are properly configured and updated, such as ventilators. If there is a chance that the number of such devices increases rapidly, they should develop a dedicated procedure to quickly install and configure all new devices safely. Some hospitals have had to urgently hire new staff. This means an increase in the number of endpoints that must be protected.

The rapidly evolving market today means that no healthcare organisation can be considered safe from a cyberattack. It is therefore critically important that they embrace a more security-conscious approach to operations.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Paxton’s Net2 secures medicinal cannabis facility
Paxton Access Control & Identity Management Healthcare (Industry) Videos
Paxton’s Net2 access control has been installed at Highlands Grow, a fully licensed industrial-scale cultivator, producing cannabis for medicinal and recreational use.

Lock down your access control with Alcatraz AI
C3 Shared Services Healthcare (Industry) Access Control & Identity Management AI & Data Analytics
Alcatraz AI, represented in South Africa by C3 Shared Services, changes access control by harnessing the power of artificial intelligence and analytics at the edge, where facial recognition becomes the essential credential autonomously.

First telemedicine platform for South Africa
Guardian Eye Healthcare (Industry) AI & Data Analytics
South African employees often struggle to receive timely, affordable, and accessible healthcare. The challenge for many healthcare initiatives within organisations is the melting pot of cultures.

Healthcare and the edge
Technews Publishing Healthcare (Industry)
With the proliferation of IoT devices in healthcare, more data is generated which drives the need to distribute it efficiently and keep it closer to the user.

The cybersecurity consolidation conundrum
Editor's Choice Information Security Healthcare (Industry)
Check Point discusses why less is sometimes more when it comes to securing your organisation from the innumerable cyberattacks happening every day.

Cyber risks to healthcare
Healthcare (Industry)
60% of healthcare organisations in South Africa have confirmed that all medical equipment they use runs up-to-date software. Usage of legacy operating systems (OS) expose healthcare organisations to additional vulnerabilities and cyber risks.

Home care and assisted living
Salto Systems Africa Healthcare (Industry)
SALTO prevents unauthorised access, while saving residents – who may have mobility issues – from having to open their door since physical keys are replaced with contactless smart fobs, PIN codes or smartphone access.

Touchless healthcare
ZKTeco Healthcare (Industry)
With confidential data and potentially dangerous drugs and medical equipment, it can be more of a challenge for the healthcare sector to keep their premises safe than in other industries.

Data compliance for healthcare
Healthcare (Industry)
All healthcare facilities including hospitals and clinics are required to manage the complete destruction of all data when IT assets reach end-of-life using compliant data erasure techniques essential to protect company data.

Future of healthcare must be built on security
Healthcare (Industry)
IoMT, IoT, wearables to revolutionise health and potentially expose patients to new threats, say Doros Hadjizenonos and Matthew Taljaard.