When it comes to cyber security, hospitals must recognize that threats are no longer just a phenomenon. Cyber attacks have now become a fact of life, and healthcare providers are primary targets on many fronts. It is no longer a matter of if, but when they will strike. Even before the pandemic, this was the prevailing trend.
In the UK, incidents such as the 2017 WannaCry attack on the NHS grabbed headlines. But they were only the tip of the iceberg. The 2020 HIMSS Cyber Security Survey revealed that 70% of hospitals surveyed had suffered a significant security incident in the past 12 months.
From phishing and ransomware to data breaches, they were already dealing with a host of threats: a growing burden of financial loss, reputational damage, compromised clinical outcomes, and serious concerns about patient privacy.
A wave of digital health technology
When the pandemic broke out, a wave of digital health technology and connectivity swept through every health care setting, enabling services to continue. For all of its benefits, it was also accompanied by an increase in hospitals' exposure to cyber security risks and stealthy bad actors. The appearance of technology in new locations, the implementation of new systems, and the proliferation of connected medical devices have created new opportunities for threats to penetrate even the strongest firewalls.
As COVID-19 has put healthcare institutions under unprecedented strain, there has also been a rise in cyber attacks. This effect was noted by the European Union Agency for Cyber Security (ENISA), which stated that attacks on hospital and healthcare networks increased by 47% during 2020.
“During the pandemic, healthcare organizations found themselves under increasing stress,” says Engin Demirel, Head of Customer Solutions EMEA, Digital Health, Olympus Europe. “Digital health technologies were effectively used in many sectors to overcome staff shortages, time constraints and avoid overcrowding in rooms, ultimately reducing the risk of infection. However, the increasing adaptation and use of digital health technologies in the health sector has increased the vulnerability to ransomware and other cyber attacks.”
Hospitals are already well aware of the measures they can take to try and reduce the risk of attack. Some of these are policy-based and culture-focused: regular awareness and prevention campaigns for employees, and the establishment of robust business continuity plans. Others are related to the security and management of IT systems and equipment.
Many administrative, clinical and healthcare applications are moving to virtual and cloud platforms. And with the Internet of Things (IoT) growing in speed, connected devices are certainly collecting data. That’s where the importance of a strong, interactive relationship with the hospital’s medical technology providers comes into play.
Multiply and diversify
“The healthcare industry is changing and at times being disrupted by the growing number of IoT devices and equipment,” says Demirel. “These often handle sensitive and patient data, such as personally identifiable information (PII) and protected health information (PHI). If this data falls into the wrong hands, it can be misused.”
He points to a recent study showing that 53% of connected medical and other healthcare IoT devices have at least one unaddressed vulnerability. Despite the improvements such devices have brought to patient care and health care facilities, these vulnerabilities will multiply if proper security control measures are not incorporated.
These measures include encrypted data streams, strong authentication tools, and continuous software and security updates – all of which can suffer from fragmented provisioning and management in today’s complex hospital IT infrastructures. There are positive signs that digital leaders are ramping up their efforts on this front.
“Hospitals have dramatically increased their focus on security in recent years and this has resulted in better protection of their critical assets and more in-depth questions with technology suppliers,” says Mike Ryan, Global Head of Digital Engineering at Olympus. “I would encourage everyone in healthcare to make security a high priority for their institutions – and we intend to be a role model for bringing highly secure digital products that address the real clinical needs of the market. We do.”
Enhanced systems integration is a key aspect of cyber security to reduce the impact of an attack. Today’s hospital systems often benefit from automated security patches, virus and malware updates, and they have comprehensive reporting capabilities so that IT teams always have a complete picture of the security situation. But they have to be consistent across the board.
Furthermore, as Engin Demirel points out, even with the latest tools and systems, tight integration of the IT infrastructure with IT security systems is often not enough to prevent an attack. Continuous monitoring combined with a multipronged approach to security – a combination of best practice and standards-based technology – is essential. This is the approach supported by Olympus and embodied in the development of its content management system (Vaultstream) and associated equipment.
“We understand that security is fundamental to a viable product and are taking steps to drive security for both the product and associated information systems,” says Mike Ryan. “We are actively working on a security roadmap to stay current and leverage across our various digital products.”
This is the level of cyber security integration that hospitals should now be demanding from their technology providers. It is essential to be able to rely on the protection of sensitive health data across the entire spectrum of care, not just to ensure that healthcare institutions comply with data protection regulations such as the GDPR. It is equally important that patients and physicians can trust hospitals to manage access to their data.
Due diligence for sensitive data
This makes it even more important that healthcare providers work with each of their partner vendors in the digital estate – and do due diligence before committing to a new relationship. With so much third-party vendor involvement in the healthcare sector, IT leaders must have a clear understanding of the data security measures that each vendor takes, and how their security concepts work.
“One-time actions and measures are not enough to build the trust of data subjects,” says Demirel. “Continued action and reform are needed. Choosing vendors and other partners without carefully assessing data security risks and assigning responsibilities at large increases the risk of patient and staff data breaches.”