The healthcare sector is unique in its position regarding cybersecurity. In very few other industries is timely access to good data a matter of life or death. You would think that this puts cybersecurity top of mind for healthcare organizations, but you might be surprised. Even though the ‘WannaCry’ ransomware debacle in 2017 caused major disruption in the healthcare industry in the UK, we repeatedly hear of other healthcare providers shut down by ransomware or losing data to a cyberattack.
The challenge for the healthcare industry as a whole is how to take years of data and records and secure them in an ever-connected world. Technology has rapidly advanced healthcare: we have machines and devices that can do miraculous things, and we have telemedicine that can give people access to expertise from all over the world. The downside is that these things have vulnerabilities. These vulnerabilities, if not identified and mitigated, can turn an asset into a terror.
There are steps that can be taken to improve security in healthcare:
- Identify what is exposed to the internet
- Require a Virtual Private Network (VPN) connection for all remote access
- If there is a persistent need for remote access, restrict the IP addresses that are allowed access
- Perform regular scans in order to detect new vulnerabilities and patch them promptly
- Change any default credentials
- Restrict access from the internal network by using access control lists
- Guard all privileged accounts fiercely
- Train your users to be cyber aware
There are numerous other ways to secure the environment, but the above are meant to show some basic security hygiene. These things don’t cost millions; they just require effort and time.
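As an added illustration of the exposure, VPN, source-restriction and access-control-list items above (this code is not from the original article), the following Python audits a constructed set of inbound firewall rules. The rule names, the VPN client range and the approved vendor range are all assumptions made for the example.

```python
import ipaddress

# Constructed sample rules: source CIDR allowed to reach a destination port.
RULES = [
    {"name": "ehr-web",     "src": "0.0.0.0/0",       "port": 443},
    {"name": "rdp-imaging", "src": "0.0.0.0/0",       "port": 3389},
    {"name": "ssh-vendor",  "src": "203.0.113.0/24",  "port": 22},
    {"name": "rdp-vpn",     "src": "10.8.0.0/24",     "port": 3389},
    {"name": "vnc-lab",     "src": "198.51.100.0/24", "port": 5900},
]

# Ports treated as remote access for this audit.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}
# Assumed VPN client address pool and assumed approved persistent-access range.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
APPROVED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]


def audit(rules):
    """Return (rule name, finding) pairs for rules that need review."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"], strict=False)
        remote = rule["port"] in REMOTE_ACCESS_PORTS
        approved = src.subnet_of(VPN_POOL) or any(
            src.subnet_of(net) for net in APPROVED_SOURCES
        )
        if src.prefixlen == 0 and remote:
            # Remote access reachable from anywhere: should sit behind the VPN.
            finding = "remote access open to internet"
        elif src.prefixlen == 0:
            # Not a failure by itself, but belongs in the exposure inventory.
            finding = "inventory: internet-exposed service"
        elif remote and not approved:
            # Restricted, but to a range nobody has approved.
            finding = "remote access from unapproved source"
        else:
            continue
        findings.append((rule["name"], finding))
    return findings


if __name__ == "__main__":
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
```
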
Let’s now talk about the elephant in the room. IT and security teams feel hampered by the doctors. In healthcare the doctor is the highest priority. We need doctors to get on board with cybersecurity. Yes, it may mean a few more hoops to jump through, and it may mean a little inconvenience now and then, but lives are at stake, not just data and money.
Healthcare is an attractive target to cyber criminals. It’s easier to justify paying a ransom when lives hang in the balance. Healthcare organizations need to get on board and make cybersecurity a high priority.