Following the news that hospitals across the English NHS have been hit by a large-scale cyber attack, it is timely to pause and reflect on what this means for leaders of hospitals and healthcare facilities.
Dark Reading, a website aimed at cyber security experts, reported in December 2016 that TrapX Labs, a division of TrapX Security, found a 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12.
According to the Department of Health and Human Services in the U.S., some of the largest attacks hit Banner Health (3.6M records) and Century Oncology (2.2M records).
There are two major trends being reported in the way that cyber attacks are designed. The first is to target medical devices which may have vulnerabilities allowing hackers to hijack them. The second is the increase in ransomware which can deny the hospital access to critical IT systems.
A study from the Healthcare Information and Management Systems Society (HIMSS) found that healthcare organisations were both poorly prepared and inadequately protected. With cyber attacks forecast to escalate, this must be a serious concern. Lee Kims from HIMSS says:
"Traditionally healthcare providers are in the business of saving lives, so the IT security staffs have a difficult time competing for budget dollars. As recent as five years ago, you would hear people saying that people wouldn't want to attack a healthcare facility because they didn't believe anyone would want to do harm to the patients."
With this burgeoning evidence, healthcare leaders must take action. Here are five steps you can take to make your organisation more secure.
1 Talk To Vendors About Vulnerabilities In Enterprise Solutions
Many healthcare organisations have well-developed enterprise solutions delivering patient-level systems. Now is the time to conduct an audit of these systems, and healthcare organisations should ask their vendors to provide specific assurances about their software solutions.
2 Revisit IT Security In Your Organisation
Basic-level security is no longer sufficient. Conduct an audit of your security policies and, if necessary, commission external experts to help assess their ongoing suitability.
3 Have A Disaster Plan
Given the level of risk, every healthcare facility should have a plan in place to manage without access to its IT environment. If you’ve got a plan, now would be a good time to test it.
4 Build IT Security Into Future Device Procurement Specifications
It is already clear that medical devices of all kinds, when they are connected to the healthcare organisation’s IT network, are providing some of the ways in for hackers determined to gain access. While it might be a case of closing the gate after the bull has bolted, it would nevertheless be a sensible precaution to build security into your future procurement specifications.
5 Invest In Machine Learning Technology
Blue Vector, an expert in cyber security, state in their white paper “Applying Machine Learning Techniques to Achieve Resilient, Accurate High-Speed Malware Detection” that a paradigm shift is needed.
They argue that the volume and persistence of cyber attacks will grow and that what organisations must do is uprate their ability to detect that they are under attack.
“Proactive search and discovery of threats using real time non-signature based techniques must replace antiquated signature and behavior based techniques. Automated identification of threats must reduce the discovery timeline from months to minutes”.
In an era of increased vulnerability which exposes patients to the risk of harm, deploying the latest defensive technologies might now be a vital part of a hospital's defence against cyber attacks.
Question: What are you doing to minimise your risk of a cyber attack? Leave a comment below.