Exploring the persistent threat of cyberattacks on healthcare

26 June 2023 | 12:11
In this Help Net Security interview, Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, discusses the long-term impacts of cyberattacks on healthcare institutions and what healthcare providers can do to protect patients’ personal data and medical devices.

Can you explain how the various hospital information systems (EHR, e-prescribing systems, practice management support systems, etc.) might be vulnerable to cyberattacks?
Anything connected to a network is potentially vulnerable to cyberattacks, but the risk varies from device to device. There are three major types of risks that need to be considered. First and foremost are devices directly interacting with a patient, such as infusion pumps or X-ray machines. These pose a direct patient safety risk if there is a compromise.

The next major category would be systems that contain large amounts of data, such as Electronic Health Record (EHR) systems and Picture Archiving and Communications Systems (PACS). These pose more of a risk to confidentiality than directly to patient safety, but because the large amount of data poses a risk to a large number of people, they are associated with potentially hefty fines.

Finally, everything else can be a gateway to further attacks on a hospital. A single entry point could be the start of a massive ransomware attack at an institution that hasn’t properly implemented network controls.

Could you elaborate on the long-term impacts of significant cyberattacks on healthcare institutions?
Cyberattacks on healthcare have been on the rise the past few years, and we don’t see any indication that they are going to slow down. Healthcare institutions need to start dedicating larger budgets to cybersecurity, at least in the short term to get proper medical device security programs in place. There is a huge backlog of systems at nearly every institution that needs to be managed for risk. In the long term we will likely see stricter requirements from the FDA and HHS, and every institution running a dedicated medical device security program, either internally or outsourced.

How can patients ensure their personal information is safe when interacting virtually with healthcare providers?
Right now, patients don’t have a lot of control over the matter. There isn’t good visibility into which healthcare institutions are doing a good job protecting their patients’ data, and in most regions, one institution dominates the facilities in that area. The best that individual patients can do right now is to always use their institutions’ secure portals to communicate information, and never use email.

https://www.helpnetsecurity.com/2023/06/26/healthcare-institutions-cyberattacks/
