Protecting Patient Privacy: Cybersecurity Priorities For Healthcare

Uploaded on 2024-11-25 in FREE TO VIEW, BUSINESS-Services-Health & Welfare

promotion

For criminal masterminds, hospital infrastructure poses itself as an alluring target for malware, mayhem, and disruption.

The recent ransomware attack on Change Healthcare is just one example of this - with prescription deliveries being delayed or disrupted across America, all to the tune of a suspected $22 million ransom payment.

What are hospital IT professionals doing to address cybersecurity risks across the industry? As it turns out, a lot - as healthcare leaders become increasingly informed about the risks to their networks, professionals around the nation are working together to help protect against the threat of rogue states and other professionals.

Cybersecurity isn’t just the responsibility of system administrators, however - it’s important to note that every hospital professional, no matter whether you’re a recent graduate of an accelerated MSN program or an experienced clinician, we all have a role to play in keeping hospital networks safe and patient data protected.

Cybersecurity Is Increasingly Significant

According to research conducted by Kodiak Solutions, cybersecurity and data privacy continue to be a key risk area for healthcare management across America. Healthcare providers are lucrative targets, often because of the sheer volume of isolated systems that administrators and other key personnel have to work and protect.

A single successful cyber attack can potentially disrupt a healthcare provider, sometimes for weeks. While this can often seem like an idea from a wargaming session, unfortunately, there have been real and disruptive examples of ransomware attacks disrupting hospitals for extended periods.

Two significant attacks in the last year have included ransomware attacks on Ardent Health Services in November 2023, and Change Healthcare, in early March 2024. These attacks were significant - in the case of Ardent Health, patient data was copied and stolen from their ransomed system.

The attack on Change Healthcare’s ransomware has been much more significant. In the weeks since the attack was discovered and reported, it has resulted in substantial and ongoing disruptions to medical claims systems - resulting in significant impediments for clinics and practices to be able to submit insurance claims.

The Importance of Preparedness

The cyberattacks on Change Healthcare and Ardent Health highlight just how broad and varied the impacts can be. While you may not be able to protect against every type of attack, it’s important to consider how an organization may be able to prepare to respond when a cyberattack inevitably does occur.

Researchers from research advisory Gartner describe the notion of cybersecurity in terms of four key elements - proactive identification of risk, recovery or response procedures in place, enterprise-level learning and education, and practice.

By incorporating each of these elements into a cybersecurity framework, medical organizations can be prepared for cyber threats and feel confident in their ability to manage them effectively.

Consider, for example, if Change Healthcare had a recovery procedure in place to restore systems, rather than paying a suspected significant payout to ransomware owners during a recent attack on their systems. While it may not have entirely prevented an attack, it may have been a significant step in repairing compromised systems.

The provision of enterprise-wide learning opportunities may have been able to help medical personnel spot the signs of an intrusion and flag for assistance before any major attacks began. As you can see, these four key elements can all play a vital role in the protection of hospital assets.

Embedding Cybersecurity Within Healthcare

Cybersecurity doesn’t have to be solely the responsibility of IT professionals and system administrators. It’s important to highlight that no matter whether you’re a registered nurse or a hospital cleaner, there are things that you can do to help protect the digital landscape around you.

One hospital system that has had great success in fostering a preparedness culture has been Jackson Hospital in Florida. In January 2022, hospital staff experienced issues with patient charting software, a tool that’s vital to their work. Contacting IT staff, the Jackson Hospital IT team was able to rapidly identify that a third party had introduced dangerous malware to their emergency room charting system.

By having a prepared and aware team, IT director Jamie Hussey was able to rapidly activate contingency plans, isolating hospital IT systems while staff switched to paper and pen recording with minimal impact on patient care. Over the next two days, Jackson Hospital was able to perform a root cause analysis of the infected system, and slowly restore and recover other adverse systems.

The impact? While the ER charting system was down for about a week, Jamie’s team was able to restore other key systems safely within three days, with no loss of patient data and no degradation in patient care.

By embedding a culture of preparedness within the Jackson Health team, the IT director was able to make rapid decisions that meant the difference between a short-term outage for the hospital system, and a long-term, ongoing intrusion. The incident at Jackson Health is a great example of how a prepared and aware team can be a protected team.

The Changing Regulatory Environment

As cyber threats evolve, it’s important to not only prepare and protect against potential cyberattacks but to also stay informed on regulatory requirements. One such example of cybersecurity regulation that impacts the US healthcare industry in particular is the Cybersecurity Act of 2015 - Section 405(d).

In part, this act convenes a task group between the Department of Health and Human Services, as well as key stakeholders, leveraging the knowledge of industry professionals and providing ongoing publications on how healthcare providers can improve cybersecurity standards. It is essential reading for any information security professional, as it can help shore up cybersecurity awareness and preparedness within an organization.

Cybersecurity is a constant and ongoing threat - in the years to come, we can only begin to imagine how hospital systems will become vulnerable to ransomware and malware attacks. It’s critical to note, however, that hospital staff can take steps today that will help protect infrastructure and patient data against oncoming threats.

It may seem challenging and complex to protect data against the challenges of cyber threats - but for many organizations, it’s a small cost now to inoculate yourself from the large costs of ransoms and infrastructure repair.

It’s time for organizations to put their cyber awareness to good use - after all, your network infrastructure may just be the next target.

Image: Tima Miroshnichenko

You Might Also Read: 

Hackers Target Healthcare:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Practice Makes Perfect For Incident Response
Google Invests In U.S. Education With 15 New Cybersecurity Clinics »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Cleafy

Cleafy

Cleafy are a team of fraud hunters, cybersecurity experts, data scientists, and software engineers. Our purpose is to make people’s life easier and free from the threats in the digital ecosystem.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

ANIS

ANIS

ANIS represents the interests of Romanian IT companies and supports the development of the software and services industry.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

AirITSystems

AirITSystems

AirITSystems offer companies comprehensive IT security solutions that take all security considerations into account and are tailored to your business.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

SideChannel

SideChannel

At SideChannel, we match companies with an expert virtual CISO (vCISO), so your organization can assess cyber risk and ensure cybersecurity compliance.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.