Omnia Health is part of the Informa Markets Division of Informa PLC


Strengthening cybersecurity and data privacy in healthcare

Expert tips on protecting patient data and fortifying network security.

Cybersecurity and data protection in healthcare pose a distinct challenge. For instance, if a bank card is stolen, its owner can block it with a simple phone call and have a new one issued. But if information about laboratory tests or diseases is leaked, it is impossible to “cancel” it.

Despite the great transformation in digital technologies over the past decade, the healthcare sector’s ability to protect patient privacy is contentious.

From the point of registering patients for treatment, clinical trials, research, and every other purpose, healthcare providers need to bear in mind that we are at war with cybercrime, even as they balance providing excellent quality of care, protecting patient privacy, and complying with HIPAA and GDPR.

The healthcare sector has been on the radar of nefarious hackers for a very long time. However, the fight between cyber criminals and the healthcare industry can be won by the latter if it implements strong cybersecurity controls and makes a cultural shift towards cybersecurity best practices.

Here are some useful measures to incorporate and strengthen cybersecurity at healthcare organisations: 

Implement robust cybersecurity strategies 

Security Magazine reports that 18 per cent of organisations allocate one to two per cent of their IT budget to cybersecurity while claiming to prioritise it.

This leaves room for neglecting a layered cybersecurity approach, which should cover the standard seven layers of cybersecurity: Mission-Critical Assets (this covers EMR), Data Security, Endpoint Security, Application Security, Network Security, Perimeter Security (firewalls that protect the business network against external forces), and the Human Layer (a very weak and necessary layer that incorporates management controls and phishing simulations, for example).

Develop incident response and disaster recovery plans 

According to the report, healthcare cybersecurity leaders should create a crisis response team that can manage cybersecurity in the event of a security incident. The team should include members of the technology, communications, legal, and business continuity departments. Conducting a tabletop exercise on a potential incident can help healthcare organisations identify gaps in their emergency response plan. 

Engage emerging technologies such as artificial intelligence 

Particularly for large providers, the volume of attempted attacks can be so significant that it would be impossible for a human or team of humans to efficiently sift through them to identify the most serious or pressing ones. This is one area where artificial intelligence can play an important role.

As healthcare organisations continue to face increasing cybersecurity incidents, it is paramount that they pay close attention to these pressing issues and take swift action. Otherwise, they are putting not only themselves at risk, but also their patients.


Jennifer Orisakwe is a health researcher and data storyteller, who loves to explore the ways actions (and inactions) of healthcare stakeholders affect decision-making and outcomes. 
