Hospitals do a great job of treating patients but sometimes they forget about privacy and security.
Photo: Martha Dominguez de Gouveia
The healthcare industry is transforming and increasingly relies on digital technologies to drive medical workflow and clinical efficiency and to improve patient care. However, the security of most hospital systems isn’t generally up to the standards of other industries, making healthcare an easy target for cyberattacks.
In addition to the usual workstations, laptops, and servers found in every industry today, the network-connected devices in a typical hospital also include a morass of IoT medical devices such as ventilators, X-ray machines, and MRI machines, which are computerized with their own operating systems and applications, just like a laptop. Like a laptop, these devices can easily and rapidly become outdated and in need of patching or updating, which leaves systems vulnerable to cyberattack. Unlike your personal laptop, however, a medical device is a lot more difficult to patch or update. This places hospitals and patients at risk: the risk that the device attached to or treating them may be maliciously altered or suddenly stop working.
Vulnerabilities and gaps in a healthcare provider’s IT system affect the hospital as well as patients. Healthcare institutions hold large amounts of personal confidential information known as PII, which includes such things as your SSN, home address, phone numbers, and possibly your credit card details for co-pays. They also hold a large amount of personal health information known as PHI, which includes your medical record, everything you have been diagnosed with, and what prescriptions you have been issued. If a hospital is hacked, all that information is vulnerable and can be stolen and exploited. Stolen patient records can be used in identity theft schemes, and contact information can be sold to marketers. Payment methods, health insurance, and even your prescriptions can be stolen and sold on the black market by cyber-criminals.
Medical devices and other healthcare IoT systems (HIoT) are growing in number at a phenomenal rate and already outnumber traditional computers. Machines such as heart monitors and medicine dispensers are often connected wirelessly using old, insecure encryption, and sometimes they are even connected to the internet. If a hacker were to infiltrate the system, which can be done easily, medicine might not be administered accurately, and medical devices could shut down.
At the other end of the spectrum, many of the largest hospitals use networks that rely on 20- or 30-year-old mainframe computer systems, and some are highly vulnerable to a variety of security risks because of their age. Many healthcare organizations aren’t aware of these vulnerabilities, or of those in other systems in daily use, which increases patient safety concerns.
Healthcare institutions operate 24/7/365, making it nearly impossible to patch and upgrade their systems. Nurses, doctors, and hospital administrators rightly focus on patients and patient care, but can inadvertently neglect privacy and security, leaving patient data unprotected while raising concerns about patient safety. That’s where Cylera MedCommand comes into its own. Cylera automates the security and privacy of the entire network, using artificial intelligence to identify, risk-assess, isolate, and manage medical and other HIoT devices, leaving doctors free to focus on treating patients.
To see how Cylera can help your hospital focus on its patients, please contact us for a conversation or demo.