Equal Importance of both Cybersecurity Efforts and Patient Care
By Sara Jost, Global Healthcare Industry Lead, Blackberry
The recent WannaCry and Petya ransomware attacks are a true testament to the current times we live in and have once again brought cybersecurity in critical sectors to our attention. If hackers manage to lock and/or encrypt the health record of a patient needing immediate healthcare attention, the patient’s life may be in danger. In addition, complications created during the cybersecurity attack can last for an extended period of time, even after the cybersecurity incident has been dealt with.
The growth in ransomware attacks worldwide and widespread impact should mean Singapore is thinking very hard about the health of its own cybersecurity network in its ‘Smart City’ future, especially for critical systems like transport and healthcare. Securing the network and medical devices therefore is becoming a top priority for the healthcare industry.
Rise of Internet of Healthcare Things
IoT has revolutionized businesses across various sectors, including the healthcare industry. According to a report published by Deloitte, wider adoption of Technology Enabled Care (TEC)— where healthcare practitioners can undertake e-visits, write e-prescriptions, diagnose, and deliver treatment via remote digital monitoring— can result in direct cost savings and enhanced patient care. Hospitals in Singapore have also started to use connected devices, and are looking at introducing technology that can help doctors, nurses, and patients receive medical advice and help when needed. For example, the team at Singapore’s Integrated Health Information Systems (IHiS) has been introducing wearables that can allow the doctor to see the patient demographics, x-rays, lab results, and other such patient information.
While all connected devices from pacemakers, insulin pumps and x-ray machines have significant benefits, they also run a significant risk of being attacked.
The healthcare industry, like other enterprises, should safeguard critical information the same way it safeguards a patient’s well-being
For example, St. Jude Medical's implantable cardiac devices were in fact found to be vulnerable to cybersecurity intrusions and exploits, as confirmed by the US Food & Drug Administration (FDA) earlier this year.
Protecting Patient Records
Chief Executive Officer of IHiS, Bruce Liang, announced in late May that the government will be making it easier for any doctor to see a patient’s medical history and treatments. Besides storing information in a vast electronic database, patients can better understand and manage their health themselves. These initiatives are linked to Singapore’s wider vision of fostering innovative and integrated care models across the healthcare sector and using big data to develop evidence-based public health policies.
This is a bold move, and IHiS recognizes that technological advancements also bring with them risk: the threat of patient records and other sensitive data making its way into the wrong hands. According to the U.S. Department of Health and Human Services’ Office for Civil Rights, one in every two Americans were affected by this last year due to a data breach in healthcare. Furthermore, cyber liability insurers raised their premiums threefold for healthcare providers as this has been the most attacked industry two years running, surpassing the financial sector.
Operators therefore need to acknowledge that the data is as important as their patients and take the necessary measures to mitigate risk. Given the reliance on connected healthcare devices and the data they provide, protecting this information and the devices that monitor and treat are in-line with protecting patient lives.
Securing Medical Devices and the Network
Dr Yaacob Ibrahim, Minister for Communications and Information in Singapore, urges citizens to recognize that cyber security is everyone's responsibility –among organizations and individuals alike. Here are some steps that healthcare professionals can take.
Hospitals should ensure that all staff use secure communications tools when texting, making or taking phone calls, or collaborating with staff or patients and even insist on multi-factor authentication on all their devices. Secondly, healthcare organizers should educate staff how to identify and avoid phishing scams, ransomware attacks, and other email-based threats. Thirdly, healthcare workers should understand how using the healthcare organization’s approved applications (that have been security tested) supports data security. Fourthly, healthcare organizations should also put email solutions, collaboration tools, and other critical apps in ‘containers’ to protect sensitive content. Laptops and desktop PCs, tablets and smartphones, wearables, and IoT devices can be protected with unified endpoint management solutions. Last but not the least, healthcare organizations should have a standard which includes a holistic representation of best-practice medical device security, developed with input from a variety of industry experts, including university researchers and cybersecurity firms to nurses and medical manufacturers.
It can be said that technology gives healthcare providers a way to efficiently deliver the best quality medical services, but they have to develop a strong security framework to ensure the smooth functioning of their business without compromising on patient care. The healthcare industry, like other enterprises, should safeguard critical information the same way it safeguards a patient’s wellbeing. With its vision for a ‘Smart Nation’– this should be a priority for the Singapore government, businesses, and community to ensure a safer, connected future.