The healthcare sector’s landscape has been changing rapidly in the recent years. With the advancements of key enabling technologies such as the 5G, Internet of Things and Artificial Intelligence, healthcare today is vastly different from a decade ago. Of course, as today’s modern hospitals are getting more interconnected, so are risks of Cyber Security threats.
Cyber Security in the healthcare sector was the theme for this year’s Kaspersky’s Cyber Security Weekend Conference. Various Cyber Security experts were at the conference to share the insights of Cyber Security states in today’s Healthcare Institutions.
Digital Healthcare Institutions – Characteristics
To understand how Cyber Security plays a role in the modern digital healthcare institutions, we have to understand their characteristics.
- Digital Healthcare Records
For a start, the process of digitization is the change of medical records from written and physical form into digital form, which are then stored in databases or repositories. The goal is to have multiple affiliated organizations sharing these medical records to provide a more holistic healthcare to the patients. As an example, Singapore’s Integrated Health Information System, provides medical records of patients across multiple public healthcare institutions. - IoT measuring devices
To further the digitization efforts and reduce human errors, many healthcare institutions are also using smart equipment to carry out conventional tasks. For example, various measuring devices today are directly connected to the hospital’s systems. Once measurements are taken, data is stored directly onto the patient’s medical records, without the need of manual labor by healthcare personnel. - Advanced Equipment and Use Cases
In recent years, with new enabling technologies, there have been a tremendous change in how processes in the healthcare industry operates. One of the most interesting possibilities is the ability to carry out remote operations and procedures over a 5G network. Earlier this year, a surgeon in China has successfully carried out an operation remotely. Of course, we can expect that more of such innovative solutions will come along.
With this understanding, we have seen that modern healthcare institutions have to been highly interconnected. As records and data from devices are all transmitted over a network, and with the reliance on a computer network, cyber security threats are imminent.
Cyber Threats to Healthcare Institution and their Impacts
In the healthcare industry, Cyber Security should not be taken lightly, as any issue could be a matter of life and death. As services within the healthcare institution get increasingly interconnected, a cyber-attack on thse services could result in the disruption in key operations.
Most of the time, such operations could affect patients directly, preventing them from getting the healthcare they require. Of course, the outcome will be disastrous. I can’t imagine what would actually happen when the remote surgery system is hacked by a malicious user!
Furthermore, healthcare institutions actually store a huge amount of personal data. In an event of a data breach, these personal and private data could be exposed to external parties and used for malicious gains. For example, with the SingHealth data breach that happened on July 2018 in Singapore had the medical records of the Prime Minister leaked.
It is said that it will cost a single healthcare institution in Asia Pacific US$23.3M from cyber security incidents. Of course, this could fundamentally threaten the existence of the organization. Therefore, the healthcare sector should be even more aware of how critical Cyber Security can be.
Healthcare Institutions lack Cyber Security Awareness
Sadly speaking, many public and private healthcare institutions today have little awareness of Cyber Security, and this has left them highly susceptible to cyber-attacks.
Yury Namestnikov, Head of GReAT (Russia), Kaspersky, shared that a survey they did in the US and Canada in the healthcare sector – revealing that nearly a third of the respondents said that they have never received any cyber security training.
Moreover, there has also been an increasing number of data breaches in healthcare institutions across the year as well (statistics from the US).
While technology has improved the operations of healthcare institutions, they are still trying to keep up with the cyber security requirements that arises.
Unlike financial institutions which treat cyber security as a fundamental operation, healthcare institutions tend to treat it as a smaller priority. It could highly likely be due to the lack of resources and talent to develop this area, especially in the developing countries.
Recommendations
Stephan Neumeier, Managing Director, Asia Pacific and Japan, Kaspersky, shared some of the key recommendations for the healthcare institutions to be prevent and prepare for cyber-attacks. He covered improvements across People, Technology and Policy (and Procedures).
The Tech Revolutionist would like to thank Kaspersky for inviting us to Cyber Security Weekend 2019.
