The recent SingHealth breach should be a wake-up call for governments across the world that they have a duty of care to protect their hospitals and citizens from cyber-attack. A compliance-based approach that focuses purely on confidentiality is now outdated when it comes to attacks that could severely impact data integrity or health system availability and thus affect patient safety.
In this HIMSS interview, Richard Staynings, Chief Security Strategist with Cylera, and Bruce Steinberg MD of HIMSS International, discuss the need for a better risk-based approach to cybersecurity that includes assessment of all assets connected to the hospital network, including a quickly growing number of medical devices and hospital building management systems that by and large cannot easily be secured.
"Are we leaving the back door open by not understanding the risks that these HIoT systems pose and thereby potentially putting patient lives at risk?" asks Staynings.