Protecting Patient Privacy: Cybersecurity Priorities For Healthcare

Uploaded on 2024-11-25 in FREE TO VIEW, BUSINESS-Services-Health & Welfare

promotion

For criminal masterminds, hospital infrastructure poses itself as an alluring target for malware, mayhem, and disruption.

The recent ransomware attack on Change Healthcare is just one example of this - with prescription deliveries being delayed or disrupted across America, all to the tune of a suspected $22 million ransom payment.

What are hospital IT professionals doing to address cybersecurity risks across the industry? As it turns out, a lot - as healthcare leaders become increasingly informed about the risks to their networks, professionals around the nation are working together to help protect against the threat of rogue states and other professionals.

Cybersecurity isn’t just the responsibility of system administrators, however - it’s important to note that every hospital professional, no matter whether you’re a recent graduate of an accelerated MSN program or an experienced clinician, we all have a role to play in keeping hospital networks safe and patient data protected.

Cybersecurity Is Increasingly Significant

According to research conducted by Kodiak Solutions, cybersecurity and data privacy continue to be a key risk area for healthcare management across America. Healthcare providers are lucrative targets, often because of the sheer volume of isolated systems that administrators and other key personnel have to work and protect.

A single successful cyber attack can potentially disrupt a healthcare provider, sometimes for weeks. While this can often seem like an idea from a wargaming session, unfortunately, there have been real and disruptive examples of ransomware attacks disrupting hospitals for extended periods.

Two significant attacks in the last year have included ransomware attacks on Ardent Health Services in November 2023, and Change Healthcare, in early March 2024. These attacks were significant - in the case of Ardent Health, patient data was copied and stolen from their ransomed system.

The attack on Change Healthcare’s ransomware has been much more significant. In the weeks since the attack was discovered and reported, it has resulted in substantial and ongoing disruptions to medical claims systems - resulting in significant impediments for clinics and practices to be able to submit insurance claims.

The Importance of Preparedness

The cyberattacks on Change Healthcare and Ardent Health highlight just how broad and varied the impacts can be. While you may not be able to protect against every type of attack, it’s important to consider how an organization may be able to prepare to respond when a cyberattack inevitably does occur.

Researchers from research advisory Gartner describe the notion of cybersecurity in terms of four key elements - proactive identification of risk, recovery or response procedures in place, enterprise-level learning and education, and practice.

By incorporating each of these elements into a cybersecurity framework, medical organizations can be prepared for cyber threats and feel confident in their ability to manage them effectively.

Consider, for example, if Change Healthcare had a recovery procedure in place to restore systems, rather than paying a suspected significant payout to ransomware owners during a recent attack on their systems. While it may not have entirely prevented an attack, it may have been a significant step in repairing compromised systems.

The provision of enterprise-wide learning opportunities may have been able to help medical personnel spot the signs of an intrusion and flag for assistance before any major attacks began. As you can see, these four key elements can all play a vital role in the protection of hospital assets.

Embedding Cybersecurity Within Healthcare

Cybersecurity doesn’t have to be solely the responsibility of IT professionals and system administrators. It’s important to highlight that no matter whether you’re a registered nurse or a hospital cleaner, there are things that you can do to help protect the digital landscape around you.

One hospital system that has had great success in fostering a preparedness culture has been Jackson Hospital in Florida. In January 2022, hospital staff experienced issues with patient charting software, a tool that’s vital to their work. Contacting IT staff, the Jackson Hospital IT team was able to rapidly identify that a third party had introduced dangerous malware to their emergency room charting system.

By having a prepared and aware team, IT director Jamie Hussey was able to rapidly activate contingency plans, isolating hospital IT systems while staff switched to paper and pen recording with minimal impact on patient care. Over the next two days, Jackson Hospital was able to perform a root cause analysis of the infected system, and slowly restore and recover other adverse systems.

The impact? While the ER charting system was down for about a week, Jamie’s team was able to restore other key systems safely within three days, with no loss of patient data and no degradation in patient care.

By embedding a culture of preparedness within the Jackson Health team, the IT director was able to make rapid decisions that meant the difference between a short-term outage for the hospital system, and a long-term, ongoing intrusion. The incident at Jackson Health is a great example of how a prepared and aware team can be a protected team.

The Changing Regulatory Environment

As cyber threats evolve, it’s important to not only prepare and protect against potential cyberattacks but to also stay informed on regulatory requirements. One such example of cybersecurity regulation that impacts the US healthcare industry in particular is the Cybersecurity Act of 2015 - Section 405(d).

In part, this act convenes a task group between the Department of Health and Human Services, as well as key stakeholders, leveraging the knowledge of industry professionals and providing ongoing publications on how healthcare providers can improve cybersecurity standards. It is essential reading for any information security professional, as it can help shore up cybersecurity awareness and preparedness within an organization.

Cybersecurity is a constant and ongoing threat - in the years to come, we can only begin to imagine how hospital systems will become vulnerable to ransomware and malware attacks. It’s critical to note, however, that hospital staff can take steps today that will help protect infrastructure and patient data against oncoming threats.

It may seem challenging and complex to protect data against the challenges of cyber threats - but for many organizations, it’s a small cost now to inoculate yourself from the large costs of ransoms and infrastructure repair.

It’s time for organizations to put their cyber awareness to good use - after all, your network infrastructure may just be the next target.

Image: Tima Miroshnichenko

You Might Also Read: 

Hackers Target Healthcare:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Practice Makes Perfect For Incident Response
Google Invests In U.S. Education With 15 New Cybersecurity Clinics »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

GuardKnox

GuardKnox

GuardKnox protects the users of connected vehicles against threats that can endanger their physical safety and the safety of their personal information.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Cyber Security Malta

Cyber Security Malta

Cyber Security Malta is part of Malta's National Cyber Security Strategy which aims to combat cybercrime, strengthen national cyber defence and provide cyber security awareness and education.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

FortiGuard Labs

FortiGuard Labs

FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.

Odaseva

Odaseva

Odaseva delivers the strongest data security solution for enterprises running on Salesforce, safeguarding confidentiality and integrity of critical business information.