6 Cybersecurity Treatments for Healthcare Organizations

According to Aruba's new global study 'The Internet of Things: Today and Tomorrow '[1], 87 percent of healthcare organizations will adopt Internet of Things technology by 2019 and 76 percent believe this will transform the industry.

While the transition towards a future healthcare model—one that embraces a technology-driven approach to better meet the demands of diverse region—bodes well, it is a horror show waiting to happen when seen from a cybersecurity point of view.

According to Frost & Sullivan, Asia Pacific's healthcare IT market is expected to reach $12.6 billion by 2020, as innovations such as telemedicine, remote monitoring and activity trackers are showing their value in enhancing the way healthcare professionals care for their patients. The significant monetary potential in healthcare IT is attracting the unwanted attention of cyber criminals, armed with an arsenal that ranges from phishing schemes to ransomware, to attack an industry that is ripe for the picking.

This shows in the numbers: 89 percent of healthcare organisations suffered an IoT-related security breach, while 49 percent of them have struggled with malware. The study also found that human error and DDoS were also concerns .As hackers begin to deploy intricately planned targeted attacks, whether by breaching confidential systems or attacking websites, these can cause healthcare organizations to come to a standstill—and in the worst scenario, endanger the patient's wellbeing.

Just recently, we have seen a global ransomware attack that disabled healthcare workers of Britain's National Health Service, as well as hospitals in China, Indonesia and Japan, from accessing patient records, and resulting in canceled appointments and even delayed emergency operations.

MRI machines and CT scanners are primarily designed for data collection not security, while users are too careless to observe basic cybersecurity protocols such as connecting on non-encrypted Wi-Fi connections. This opens the door for opportunistic hackers to siphon sensitive information that can be sold or used for ransom.

So how can you ensure that your healthcare organization is safe from the hands of cyber criminals? Here are six cybersecurity treatments that healthcare organizations should prescribe to for safer practices—to ensure optimal operations and patients' peace of mind.

1. Know what connected devices are up to. In an environment where patients use mobile devices and healthcare workers track medical processes, having IT know which devices are connected to the network and what they are used for helps to sieve out possible loopholes for hackers.
2. Separate Wi-Fi access for patients and families. As the number of devices connecting to an unsecure network increases, it is important to introduce policies to segment guest traffic from hospital traffic to ensure that data can be accessed by the right people, at the same time exposure to threats are managed.
3. Educate user digital hygiene. With the increasing dependence on digital convenience, users are becoming sloppy with cybersecurity to save a few extra seconds. Prevention is especially good medicine, so perform endpoint health checks to ensure that laptops are fully compliant with internal requirements, and always check for the latest software patches and updates before devices connect.
4. Have a comprehensive approach to cybersecurity. Accessing patient information on personal or hospital-issued devices are becoming commonplace, so ensuring that these devices are configured with the appropriate permissions are key. Simple parameters such as user roles, devices, location, application usage and time of the day help manage these connections.
5. Strike partnerships with the experts. Any outage in technology can potentially lead to fatal consequences. Having partnerships with the right technology companies will go a long way in building a secure yet comprehensive ecosystem of medical devices and healthcare apps that are always ready for the needs of both patients and staff.
6. Establish a security culture. With most attacks, a single user can cause an entire organization's shutdown by giving them access to the database. Make sure that employees are guided on how to recognize suspicious emails, corrupted files, unsecure websites, and other red flags. By equipping everybody with best practices and know-how can eliminate many easy avenues of hacking from criminals.

Hospitals are often stressful environments for both patients and healthcare staff. As technology rapidly integrates to transform the healthcare experience into a positive one, the priority for all healthcare institutions will be to ensuring the security of the devices, critical care applications, and patient data through these treatment tips.

[1] Aruba IoT Research, 2017