For several years now, the healthcare sector has been experiencing an increasing intensity and complexity of threats to cybersecurity. While organizations spend more money than ever before on securing their assets, hackers are constantly looking for their paths and stealing sensitive data, including medical records.
The technology for hospitals is evolving, as are the risks for hospitals. The rapid pace of change is putting hospitals under increasing pressure, and as soon as new protection techniques emerge, next-generation attacks are launched by cybercriminals.
Recently, health IT systems have become attractive targets for cybercriminals. This may be because healthcare organizations have more and more lucrative patient data – including personal and financial information – that cybercriminals can use to steal their identity.
What’s more, as more and more health care services are available online and the use of mobile devices increases, hackers are exploiting new gaps and ransom programs to block systems. Given that patients’ lives are at stake, many organizations decide to pay a ransom to recover data and access services.
Unfortunately, the future of the relationship between the security of health care and hackers goes far beyond playing a cat and a mouse, which is why it is not in the best colors. Hospital attacks in the United States and elsewhere have not only highlighted the potential risks, but also the ease with which some groups attack healthcare systems and the earnings of hackers.
Updating of information systems
There is ample evidence that cybercriminals are attacking less modern systems. Over the next 10 years, healthcare is expected to invest in modern technology to improve safety.
The biggest challenge for IT managers responsible for this sector is to manage an infrastructure consisting of diverse and overlapping technology, often with gaps between the layers that allow hackers to gain access.
The management of such systems is cumbersome and difficult. In many cases, system module manufacturers no longer support their products. For example, Microsoft withdrew its support for Windows XP a few years ago, which means that it no longer receives updates or security patches.
Older systems, especially those over decades old, are the most vulnerable. They are often too integrated into the organization’s infrastructure to be replaced. But as security risks increase in the coming years, the replacement of such systems by modern ones will become a priority for health care.
Internet of Hookable Things
As more and more medical and mission-critical devices connect to the Network, their security is a very expensive interception and control attacks can have fatal consequences.
I am reminded of a similar story from a few years ago, when the doctor of the then vice-president of the USA, Dick Cheney, disabled the possibility of wireless control of his pacemaker in order to prevent a possible attempted attack. Human life is increasingly dependent on medical devices that can connect to the Internet, so the safety of the Internet of Things (IoT) is becoming increasingly important.
If this problem is not effectively addressed, safety concerns may hamper the development of mobile and portable devices, which have become a mass marketplace in health in recent years. The ubiquity of smart mobile devices and the availability of online storage can help such tools change the preventive and out-patient care market.
Unfortunately, many of these problems with medical devices cannot be eliminated by simply using a software patch – they need to be rebuilt here, and that takes time. Safer devices for hospitals and patients may only appear in a few years’ time.
Large data collections and their analysis will enable the development of precision medicine, the improvement of the health of the population and decent care. Unfortunately, these issues are often neglected due to poor data protection management procedures. Hospitals need to improve their practices: a large proportion of data leaks are due to human error. Most hospital systems use multiple shared workstations and passwords, and there is no such phenomenon in any other industry.