What makes cyber attacks so disastrous for healthcare providers, and how can we begin addressing these threats?
The recent SingHealth breach should be a wake-up call for governments across the world that they have a duty to protect their hospitals and citizens from cyber-attacks. A compliance-based approach that focuses purely on confidentiality is now outdated. These attacks could severely impact data integrity or health system availability and therefore affect patient safety.
By nature, cyber attacks target the confidentiality of medical records, but the integrity of these records are equally important. If the contents of patient medical records are tampered with, it could spell disaster for any treatment attempt from medical staff depending on these records for information. In addition, the availability of these systems in uncompromised condition is critical to many fundamental operations of hospitals. The rising costs of healthcare prevent the updating and procuring of the necessary tools to combat cybersecurity risks and improve patient care.
Without their technology systems meeting these three conditions, healthcare providers are reduced to primitive methods of action which may have life-threatening consequences.
The Next Step in Assessing Risks
In this HIMSS interview, Richard Staynings, Chief Security Strategist with Cylera, and Bruce Steinberg MD of HIMSS International, discuss the need for a better risk-based approach to cybersecurity that includes assessment of all assets connected to the hospital network, including a quickly growing number of medical devices and hospital building management systems that by and large cannot easily be secured.
"Are we leaving the back door open by not understanding the risks that these HIoT systems pose and thereby potentially putting patient lives at risk?" asks Staynings.
See the full discussion below:
Learn more about The Cost of a Data Breach