Protecting Patient Privacy: Cybersecurity Priorities For Healthcare

For criminal masterminds, hospital infrastructure presents an alluring target for malware, mayhem, and disruption.

The recent ransomware attack on Change Healthcare is just one example of this - with prescription deliveries being delayed or disrupted across America, all to the tune of a suspected $22 million ransom payment.

What are hospital IT professionals doing to address cybersecurity risks across the industry? As it turns out, a lot - as healthcare leaders become increasingly informed about the risks to their networks, professionals around the nation are working together to help protect against the threat of rogue states and other professionals.

Cybersecurity isn’t just the responsibility of system administrators, however - every hospital professional, whether a recent graduate of an accelerated MSN program or an experienced clinician, has a role to play in keeping hospital networks safe and patient data protected.

Cybersecurity Is Increasingly Significant

According to research conducted by Kodiak Solutions, cybersecurity and data privacy continue to be a key risk area for healthcare management across America. Healthcare providers are lucrative targets, often because of the sheer volume of isolated systems that administrators and other key personnel have to work with and protect.

A single successful cyber attack can potentially disrupt a healthcare provider, sometimes for weeks. While this can often seem like an idea from a wargaming session, unfortunately, there have been real and disruptive examples of ransomware attacks disrupting hospitals for extended periods.

Two significant attacks in the last year have included ransomware attacks on Ardent Health Services in November 2023, and Change Healthcare, in early March 2024. These attacks were significant - in the case of Ardent Health, patient data was copied and stolen from their ransomed system.

The ransomware attack on Change Healthcare has been much more significant. In the weeks since the attack was discovered and reported, it has resulted in substantial and ongoing disruptions to medical claims systems, significantly impeding the ability of clinics and practices to submit insurance claims.

The Importance of Preparedness

The cyberattacks on Change Healthcare and Ardent Health highlight just how broad and varied the impacts can be. While you may not be able to protect against every type of attack, it’s important to consider how an organization may be able to prepare to respond when a cyberattack inevitably does occur.

Researchers from research advisory Gartner describe the notion of cybersecurity in terms of four key elements - proactive identification of risk, recovery or response procedures in place, enterprise-level learning and education, and practice.

By incorporating each of these elements into a cybersecurity framework, medical organizations can be prepared for cyber threats and feel confident in their ability to manage them effectively.

Consider, for example, if Change Healthcare had had a recovery procedure in place to restore systems, rather than making a suspected significant payout to ransomware owners during a recent attack on their systems. While it may not have entirely prevented an attack, it may have been a significant step in repairing compromised systems.

The provision of enterprise-wide learning opportunities may have been able to help medical personnel spot the signs of an intrusion and flag for assistance before any major attacks began. As you can see, these four key elements can all play a vital role in the protection of hospital assets.

Embedding Cybersecurity Within Healthcare

Cybersecurity doesn’t have to be solely the responsibility of IT professionals and system administrators. It’s important to highlight that no matter whether you’re a registered nurse or a hospital cleaner, there are things that you can do to help protect the digital landscape around you.

One hospital system that has had great success in fostering a preparedness culture has been Jackson Hospital in Florida. In January 2022, hospital staff experienced issues with patient charting software, a tool that’s vital to their work. After staff contacted IT, the Jackson Hospital IT team was able to rapidly identify that a third party had introduced dangerous malware to their emergency room charting system.

By having a prepared and aware team, IT director Jamie Hussey was able to rapidly activate contingency plans, isolating hospital IT systems while staff switched to paper and pen recording with minimal impact on patient care. Over the next two days, Jackson Hospital was able to perform a root cause analysis of the infected system, and slowly restore and recover other affected systems.

The impact? While the ER charting system was down for about a week, Jamie’s team was able to restore other key systems safely within three days, with no loss of patient data and no degradation in patient care.

By embedding a culture of preparedness within the Jackson Health team, the IT director was able to make rapid decisions that meant the difference between a short-term outage for the hospital system, and a long-term, ongoing intrusion. The incident at Jackson Health is a great example of how a prepared and aware team can be a protected team.

The Changing Regulatory Environment

As cyber threats evolve, it’s important to not only prepare and protect against potential cyberattacks but to also stay informed on regulatory requirements. One such example of cybersecurity regulation that impacts the US healthcare industry in particular is the Cybersecurity Act of 2015 - Section 405(d).

In part, this act convenes a task group between the Department of Health and Human Services and key stakeholders, leveraging the knowledge of industry professionals and providing ongoing publications on how healthcare providers can improve cybersecurity standards. It is essential reading for any information security professional, as it can help shore up cybersecurity awareness and preparedness within an organization.

Cybersecurity is a constant and ongoing threat - in the years to come, we can only begin to imagine how hospital systems will become vulnerable to ransomware and malware attacks. It’s critical to note, however, that hospital staff can take steps today that will help protect infrastructure and patient data against oncoming threats.

It may seem challenging and complex to protect data against the challenges of cyber threats - but for many organizations, it’s a small cost now to inoculate yourself against the large costs of ransoms and infrastructure repair.

It’s time for organizations to put their cyber awareness to good use - after all, your network infrastructure may just be the next target.

Image: Tima Miroshnichenko
