In recent years, the healthcare sector has faced increasingly intense and complex cybersecurity threats. Organizations are spending more money than ever on security, but hackers keep finding ways in and continue stealing sensitive data, including personal medical records.
As hospital technology evolves, so will the threats. The rapid pace of change means that hospitals will face even more pressure because as fast as new prevention techniques are released, cybercriminals move on to the next generation of attacks.
Healthcare IT systems have only recently become attractive targets for cybercriminals. That is because healthcare organizations are increasingly holding more and more lucrative patient data — personal and financial information that cybercriminals can use to commit identity fraud.
Furthermore, with more healthcare services being provided online and the use of mobile devices increasing, hackers are exploiting new vulnerabilities and using ransomware to take systems down. With the lives of patients at stake, many organizations decide the best option is to pay the ransom to retrieve data and get their services restored.
Unfortunately, it’s difficult to see a future beyond an escalated game of cat and mouse playing out between healthcare security and hackers. The recent spate of attacks on hospitals in the US and around the world has certainly raised awareness of potential threats, but one might also argue that the ease in which some groups have attacked healthcare systems has also highlighted the rewards for hackers.
Updating IT systems
There’s plenty of evidence that cybercriminals are targeting less-modern systems, and over the next five to 10 years we expect healthcare providers will invest in updated technology for greater security.
The challenge for IT managers in this sector has always been managing an infrastructure built over diverse and overlapping technology waves, often with gaps between the layers that enable hacker access.
The systems are cumbersome and difficult to manage. In many cases, the manufacturers of system components no longer provide support for the products. For example, Microsoft withdrew support for Windows XP a couple of years ago, which means that the software is no longer updated or patched for security.
Legacy systems, especially those more than a decade old, are extremely vulnerable and often integrated too deeply into an organization’s infrastructure to be replaced. But as security threats intensify over the coming years, replacing these systems with modern IT will become a priority for healthcare providers.
The Internet of Hackable Things
As more critical medical equipment and devices move online, the stakes for security are high — malicious actors hijacking and controlling them could have deadly consequences.
I’m reminded of a story that from a couple of years ago about former US Vice President Dick Cheney’s doctors disabling his pacemaker’s wireless capabilities to thwart possible assassination attempts. As more and more of the medical devices people depend on to stay alive are being networked, Internet of Things (IoT) security is fast becoming a higher priority.
If not tackled effectively, security concerns could hamper the development of mobile and wearable devices, which have exploded on the healthcare scene in recent years. Cloud-powered and enabled by the ubiquity of smart mobile devices and online storage, these tools have the potential to transform preventative and outpatient care.
Unfortunately, many of the problems with medical devices can’t be fixed with a simple software patch — instead, the systems must be re-architected, and that takes time. It could be years before hospitals and patients see more secure devices.
Big data and data analytics open doors to precision medicine, population health, and value-based care. But often they are let down by poor management procedures for data protection. Hospitals need to improve working practices; a large proportion of data breaches come down to human error. Most hospital systems have many shared workstations and shared passwords, something not regularly seen in other industries.
Hospitals also have to deal with the challenge of a proliferation of data from a wide range of sources — from mobile devices to data generated from health monitoring sensors. As a result, hospitals are under pressure to maintain numerous isolated IT assets and the data that resides on them.
Until data security is addressed, health IT professionals will continue to face major barriers to the widespread adoption of new technologies. Therefore, we expect healthcare providers to take steps over the next few years to improve security by putting reliable access management procedures and systems in place. As well as keeping operating systems, browsers, and applications up to date, this will include enabling strong access security controls.
Changes to technology in healthcare are coming on fast and furious, and it’s past time for healthcare organizations to take action to secure their systems. By combatting security threats head on through systems that are built from the ground up with the management and protection of data in mind, we can realize a future in which healthcare technology transforms our lives for the better.