Protecting Patient Privacy: Cybersecurity Priorities for Healthcare Leaders

Uploaded on 2024-11-25 in FREE TO VIEW, BUSINESS-Services-Health & Welfare

promotion

For criminal masterminds, hospital infrastructure poses itself as an alluring target for malware, mayhem, and disruption.

The recent ransomware attack on Change Healthcare is just one example of this - with prescription deliveries being delayed or disrupted across America, all to the tune of a suspected $22 million ransom payment.

What are hospital IT professionals doing to address cybersecurity risks across the industry? As it turns out, a lot - as healthcare leaders become increasingly informed about the risks to their networks, professionals around the nation are working together to help protect against the threat of rogue states and other professionals.

Cybersecurity isn’t just the responsibility of system administrators, however - it’s important to note that every hospital professional, no matter whether you’re a recent graduate of an accelerated MSN program or an experienced clinician, we all have a role to play in keeping hospital networks safe and patient data protected.

Cybersecurity Is Increasingly Significant

According to research conducted by Kodiak Solutions, cybersecurity and data privacy continue to be a key risk area for healthcare management across America. Healthcare providers are lucrative targets, often because of the sheer volume of isolated systems that administrators and other key personnel have to work and protect.

A single successful cyber attack can potentially disrupt a healthcare provider, sometimes for weeks. While this can often seem like an idea from a wargaming session, unfortunately, there have been real and disruptive examples of ransomware attacks disrupting hospitals for extended periods.

Two significant attacks in the last year have included ransomware attacks on Ardent Health Services in November 2023, and Change Healthcare, in early March 2024. These attacks were significant - in the case of Ardent Health, patient data was copied and stolen from their ransomed system.

The attack on Change Healthcare’s ransomware has been much more significant. In the weeks since the attack was discovered and reported, it has resulted in substantial and ongoing disruptions to medical claims systems - resulting in significant impediments for clinics and practices to be able to submit insurance claims.

The Importance of Preparedness

The cyberattacks on Change Healthcare and Ardent Health highlight just how broad and varied the impacts can be. While you may not be able to protect against every type of attack, it’s important to consider how an organization may be able to prepare to respond when a cyberattack inevitably does occur.

Researchers from research advisory Gartner describe the notion of cybersecurity in terms of four key elements - proactive identification of risk, recovery or response procedures in place, enterprise-level learning and education, and practice.

By incorporating each of these elements into a cybersecurity framework, medical organizations can be prepared for cyber threats and feel confident in their ability to manage them effectively.

Consider, for example, if Change Healthcare had a recovery procedure in place to restore systems, rather than paying a suspected significant payout to ransomware owners during a recent attack on their systems. While it may not have entirely prevented an attack, it may have been a significant step in repairing compromised systems.

The provision of enterprise-wide learning opportunities may have been able to help medical personnel spot the signs of an intrusion and flag for assistance before any major attacks began. As you can see, these four key elements can all play a vital role in the protection of hospital assets.

Embedding Cybersecurity Within Healthcare

Cybersecurity doesn’t have to be solely the responsibility of IT professionals and system administrators. It’s important to highlight that no matter whether you’re a registered nurse or a hospital cleaner, there are things that you can do to help protect the digital landscape around you.

One hospital system that has had great success in fostering a preparedness culture has been Jackson Hospital in Florida. In January 2022, hospital staff experienced issues with patient charting software, a tool that’s vital to their work. Contacting IT staff, the Jackson Hospital IT team was able to rapidly identify that a third party had introduced dangerous malware to their emergency room charting system.

By having a prepared and aware team, IT director Jamie Hussey was able to rapidly activate contingency plans, isolating hospital IT systems while staff switched to paper and pen recording with minimal impact on patient care. Over the next two days, Jackson Hospital was able to perform a root cause analysis of the infected system, and slowly restore and recover other adverse systems.

The impact? While the ER charting system was down for about a week, Jamie’s team was able to restore other key systems safely within three days, with no loss of patient data and no degradation in patient care.

By embedding a culture of preparedness within the Jackson Health team, the IT director was able to make rapid decisions that meant the difference between a short-term outage for the hospital system, and a long-term, ongoing intrusion. The incident at Jackson Health is a great example of how a prepared and aware team can be a protected team.

The Changing Regulatory Environment

As cyber threats evolve, it’s important to not only prepare and protect against potential cyberattacks but to also stay informed on regulatory requirements. One such example of cybersecurity regulation that impacts the US healthcare industry in particular is the Cybersecurity Act of 2015 - Section 405(d).

In part, this act convenes a task group between the Department of Health and Human Services, as well as key stakeholders, leveraging the knowledge of industry professionals and providing ongoing publications on how healthcare providers can improve cybersecurity standards. It is essential reading for any information security professional, as it can help shore up cybersecurity awareness and preparedness within an organization.

Cybersecurity is a constant and ongoing threat - in the years to come, we can only begin to imagine how hospital systems will become vulnerable to ransomware and malware attacks. It’s critical to note, however, that hospital staff can take steps today that will help protect infrastructure and patient data against oncoming threats.

It may seem challenging and complex to protect data against the challenges of cyber threats - but for many organizations, it’s a small cost now to inoculate yourself from the large costs of ransoms and infrastructure repair.

It’s time for organizations to put their cyber awareness to good use - after all, your network infrastructure may just be the next target.

Image: Tima Miroshnichenko

You Might Also Read: 

Hackers Target Healthcare:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Practice Makes Perfect For Incident Response
Google Invests In U.S. Education With 15 New Cybersecurity Clinics »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

Bleckwen

Bleckwen

Bleckwen is a proven fraud detection system that helps financial institutions build trust with customers.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.