Health services are vulnerable to cyberattacks. This is seen in the increasingly number of attacks, a frequency that reflects the value of the personally indefinable data malicious actors and the relatively vulnerability of many health sector organization systems.
The latest cyber misadventure has been levelled at the Irish health service, where the computer systems have been targeted. In response to the attack, the Republic’s Health Service Executive (HSE) undertook the precaution of closing down its systems to further protect them and assess the situation.
Speaking to RTÉ, the HSE’s national clinical advisor Dr Vida Hamilton said the attack was “affecting every aspect of patient care”.
Looking at this from the security sector perspective for Digital Journal is Anurag Kahol, CTO and co-founder of Bitglass.
Kahol opens by giving his thoughts as to why healthcare is a ripe target for hackers: “Healthcare organisations have been a major target since the start of the pandemic, and as a result need to ensure they take every precaution necessary to protect patient data.”
The sector does not help itself, however, as Kahol notes: “Hundreds of hospitals, medical offices, and imaging centres have contributed to over a billion exposed records; Ireland’s health service, the Health Service Executive, has become one of many.”
In other words, more can be done, and the pace of change isn’t helping.
Kahol sees the transformative activities as creating vulnerabilities as well as delivering advantages: “The rapid digitisation of patient records means it’s been very difficult to implement consistent data security policies and training schemes to educate staff on keeping data safe. As healthcare organisations make patient data more accessible to individuals and new systems, they must make information security their top priority.”
So, what can be done? Kahol sees: “Strategic investments in cybersecurity will make a significant impact on protecting healthcare businesses against cyber security risks, which will potentially save billions in the long run.”
And there is more: “To prevent future ransomware attacks and safeguard highly sensitive information, organisations must have full visibility and control over their data. This can be accomplished by leveraging multi-faceted solutions that defend against malware on any endpoint, enforce real-time access control, detect misconfigurations, encrypt sensitive data at rest, and prevent data leakage.”
To add to these measures, Kahol recommends; “Healthcare organisations need to ensure adequate employee training to protect from ransomware. Employees must be able to identify phishing attempts and illegitimate emails, which is the primary vector for ransomware attacks.”