The healthcare industry is an obvious target for cyber-crime. It is rife with valuable personal data, and the advent of technology has only made that information more accessible to those with malicious intent. The paperwork of old has now relocated to the cloud and database systems, and while this has proven usefully efficient for patients and their medical practitioners, the increased connectivity and the resulting ease of remote access and data sharing are also what make the industry vulnerable.
The Internet of Medical Things (IoMT) incorporates all manner of mobile devices and interconnected systems upon which patients' details and medical records are stored. Together with confidential patient data there is other important intellectual property that holds high value both to key stakeholders and, more worryingly, to cyber criminals. Medical records sell for extortionate amounts online, and with healthcare cyber-crime on a sharp incline, more and more money has to be spent on cleaning up the damage following the loss of such critical data.
The need for a strong cyber security function within medical organisations is greater than ever before. This diverse field spans specialist practitioners, community and aged care providers, diagnostic service providers, government health departments, research and academic enterprises, healthcare consultancies and primary healthcare practices, to name but a few of its facets, not to mention the IT software vendors and general IT services. Across all of them, opportunities for data theft, identity theft and holding systems to ransom for money are plentiful.
When investigating healthcare security systems, the cyber security team will first conduct a third-party assessment of the network to find any points of weakness and to assess network visibility. This is also pertinent to all medical devices that may be linked to the network, as they present a logistical nightmare. Device ownership is often tricky to ascertain, and so is who is using any one tool at any one time, information that is necessary in order to adequately secure it. This is where the importance of visibility comes in: when a hospital or healthcare organisation knows what is on its network, it can properly monitor both the network and the devices on it.
Equally important is the need for cyber security awareness among key clinical staff members. Doctors, physicians, and administrative staff are among the most commonly targeted healthcare workers, surprisingly more so than employees at executive level. Hackers are sophisticated and know how to exploit the human factor in the medical space. Taking advantage of time-poor doctors, natural curiosity and an ever-present need to serve the greater good of others, cyber criminals do their research on where to focus their attacks.
To avoid legal ramifications, medical fraud and the reputational damage of leaked patient data, the healthcare industry needs to stay alert to the importance of cyber security. Implementing the proper security strategies and providing cyber security training to educate all staff on the value of security are critical in order to protect the industry as a whole.