According to the Office of the Australian Information Commissioner, healthcare is consistently the industry most affected by cyberattacks. Given the increasing reliance on connected technologies, this is a worrying trend.
Healthcare organisations are prime targets because they hold a lot of confidential data. From financial / insurance details to sensitive medical data, the information held in healthcare systems is exactly what cyber criminals look for.
Despite this, most organisations don’t consider cyber security a priority. This has led to widespread under-investment in the technology and training required to identify and prevent attacks. Given the size and complexity of a lot of healthcare organisations, this is a particular issue, as there are many entry points for attackers to get access to systems and data.
In addition to the standard concerns all individuals and organisations face – like malware, ransomware, and phishing – there are a few issues that are especially prevalent in the healthcare industry. These include:
- Cloud hacking: With more organisations moving their data to the cloud, attackers are now focusing on potential weaknesses in encryption as a way to access patient data.
- Security of clinical data: While increased integration of healthcare systems makes patient data easier to share, it also makes it more susceptible to hacking. Attackers realise this and have started targeting medical centres, using their weaker security as an entry point to broader industry networks.
- Inconsistent practices: With many healthcare organisations employing large numbers of staff and operating across multiple locations, it can be difficult to implement effective cyber security controls and processes – this inconsistency can create opportunities for attackers.
Although cyber security can be complex and the technology is constantly changing, there are some basic protections all healthcare organisations should implement. From a technical perspective, using firewalls and antivirus software (and updating them regularly!) is a great start. Understanding your organisational risks from a technology aspect is a good way to start thinking about the cyber security impact on your business.
This should be supported by an open discussion with all team members about the role they play in keeping systems and data secure, and why they need to be vigilant when opening emails, using personal devices, and sharing passwords.
Once the basics are in place, more complicated solutions can be considered, like identity management and network monitoring. Your existing IT provider should be able to provide these services.
Disclaimer: This article reflects the author's personal opinion only. It should not be taken as personal technical advice. Before embarking on any cyber security activities, you should fully educate yourself as to the risks and costs involved and seek appropriate advice.