The Fiji Times » Age of digital health – Cybercriminals sharpen focus on healthcare

If you haven’t heard it already, the age of digital health has arrived. And it’s time for healthcare providers, patients and consumers.

Digital Health, sometimes referred to as eHealth or Mobile Health (mHealth), has many elements, but I focus on defining digital health as the way that health authorities, corporations, hospitals and care service companies, and patients adopt and use wireless devices, Hardware sensors, software sensor technologies, the Internet, social networks, health information technology, personal health devices or wearables and mobile connectivity to enable more efficient tracking, management and delivery of “health care”.

Digital health has already shown the potential to improve our own health and that of our families and lead more productive lives. Digital health reduces many of the inefficiencies in the delivery of health services.

It improves access to health information and services, increases the quality of delivery and enables much more personalized use of health care for patients. Digital health simply focuses on connecting the systems, tools, medical devices, and services that provide each of us with the healthcare they need, giving each person in the healthcare landscape critical data insights that were previously unavailable.

The digital health opportunities also come with an inherent risk that can wreak havoc if not properly addressed and mitigated. Fortunately, this risk is completely manageable. Healthcare companies that have moved quickly to digital health strategies are now faced with questions that other companies in other industries have been asking themselves for years.

That is, how do they pursue a digital strategy and support automation while at the same time providing adequate security and privacy controls across the network to which these systems are connected?

While the increasing use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats, these features also improve healthcare delivery and increase the ability of healthcare providers to effectively treat patients.

Dealing with cybersecurity threats and the resulting security risks to patient data is becoming a particular challenge.

Because cybersecurity threats cannot be completely eliminated, manufacturers, hospitals and institutions must work to address them. A balance needs to be struck between protecting patient safety and encouraging the development of innovative technologies and improved device performance.

Government ministries of health and private organizations, especially hospitals, must not only decide how to best protect legacy systems and devices that support all functions of their business, but also introduce new connected devices into their networks that are not in the first place the right security measures.

Many healthcare IT departments are trying to secure this new networked, digital health environment with static, reactive security products designed to detect and warn security breaches.

So how does it work? Unfortunately, some hospitals are actually starting to allocate operating budgets to pay off ransomware attacks as it is cheaper and easier than trying to adapt current products to their digital health environment.

Hackers are always looking for vulnerabilities to exploit, and if one approach doesn’t work, they develop another and try again. The digital healthcare ecosystem is also constantly evolving, and awareness of cybersecurity risks has grown recently. Even before the ransomware cyberattacks escalated at the end of October 2020, a sobering report from Germany in September 2020 about the first known death of a patient in connection with a ransomware attack increased awareness of the consequences of a successful attack in the digital healthcare sector.

A strong cybersecurity position is critical to providing the highest quality care and running efficiently.

Unfortunately, a recent report shows that healthcare providers are the sector most affected by cybercrime, accounting for 80 percent of all security breaches reported. In 2020, nearly 500 vendors had security breaches, affecting just over 16.5 million patients.

The past 18 months have cemented the need to be prepared for the unexpected, be it a global pandemic, a natural disaster, or anything in between. New threats are constantly shifting and emerging. For example, the COVID-19 vaccine distribution pipeline is now exposed to serious cybersecurity risks as hackers attempt to exploit vulnerabilities in the massive global effort.

Cyber ​​criminals continue to focus on healthcare. With stronger, more proactive cybersecurity measures in your company, patients and providers will be better protected from the dire consequences of an attack.

As the custodian of valuable patient data, it’s no surprise that healthcare is one of the top targets for ransomware attacks. Many companies lack transparency about the access points to their corporate network, e.g. B. Desktop computers, laptops, mobile devices, printers, medical devices, and more. In addition, hospitals often lack cybersecurity experts and financial resources. Manual processes and an overwhelming number of alerts are also challenges.

You can’t kill someone with a computer virus, but laptops and smartphones offer more protection from hackers than most medical devices designed to keep us alive! Take, for example, the computerized insulin pumps that some diabetic patients use instead of injections to help maintain normal blood sugar levels.

What if someone “hacked” one of these pumps? They could alter insulin delivery and place the patient in a potentially life-threatening situation. This is just one example of the dangers of hacking medical devices. Other health devices such as MRI scanners, pacemakers, and heart rate monitors are also at risk.

With the increasing penetration of digital health, IoT, and connected medical device technologies to support the growing demands in healthcare, cybersecurity and data protection are becoming the primary concerns of the digital health industry. It is estimated that data breaches will cost the healthcare sector a whopping $ 400 billion ($ 812 billion) over the next five years.

The worst personal data breach in Singapore (SingHealth) history occurred in July 2018 when even the Prime Minister’s health records were compromised! For a healthcare provider, technology developer, or investor involved in digital healthcare, it is absolutely important to consider the cybersecurity implications and how it affects your business decisions. Here are some important considerations to think about.

Cyber ​​security threats can range from government sponsored attacks to ransomware attacks by individuals or groups.

However, cybersecurity does not only come from external sources, it can also come from internal sources, sometimes without intent to harm, but rather by accident. In 2019, a Merge Hemo device (a medical device that assists cardiac catheterization) suddenly responded in the middle of an operation. Fortunately, the cardiologists were prepared and the disturbance was temporary. Further investigations revealed that the computer system had gone through a software update at an inconvenient point in time, which automatically restarted the system! Such simple and overlooked cybersecurity risks can potentially be life threatening.

Traditionally, “detection” has been the center of all cybersecurity protection tools in the last few decades, be it antivirus, sandboxing, machine learning, threat intelligence, intrusion detection or network analysis tools. All technology basically tries to “spot the bad guys” in order to remove them when they are found. The disadvantage of this approach is that tons of new malware are created around the world every day.

Security should start in the concept phase. Many companies view security as a layer that is built in “later” – but this leaves room for vulnerabilities that were not initially thought of. An analogy would be thinking about building a house. Building a strong foundation is critical, but this thinking should begin as early as the planning stage. Retrofitting or later dismantling can help, but often leaves behind weak points.

With the ever-increasing complexity of advanced malware, it is critical for companies working with digital health solutions to take a holistic approach to cybersecurity by looking at three factors – people, processes, and technology;

• People – have multi-level, bespoke training for different levels of staff. The best technologies and solutions don’t mean much if individuals in a business are not well equipped to respond to a cybersecurity threat;
• Process – Don’t just focus on paper compliance and certifications, hire strong cyber audit service providers, cybersecurity experts, or “ethical hackers” to conduct vulnerability assessments and penetration tests and
• Technologies – Look beyond detection and expand it with prevention-oriented paradigms.
  As a smarter man than I realized; “We’re seeing an interesting convergence of technology, health, social issues, and human progress.” As always, God bless you all and stay safe and secure in the physical and digital world this weekend.

• Ilaitia B. Tuisawau is a private cybersecurity consultant. The views expressed in this article are his and are not necessarily shared by this newspaper. Mr. Tuisawau can be contacted at ilaitia@cyberbati.com

source https://dailyhealthynews.ca/the-fiji-times-age-of-digital-health-cybercriminals-sharpen-focus-on-healthcare/