Cyber security in the Healthcare Industry

COVID, Threat Increase & Development: Cyber Security in the Healthcare Industry

The coronavirus pandemic has put an immense amount of stress upon health services across the world. Peter Eberl, Deputy Head of Unit Cybersecurity and Digital Privacy for the European Commission has said that many hospitals have found themselves victims of ransomware attacks in recent weeks, resulting in the need to relaunch entire IT systems. He’s admitted that the healthcare industry remains at the early stages of development when it comes to IT security, adding that it is not just large hospitals, but also smaller poly clinics, that are at high risk as a result of undeveloped cyber security procedures.

The healthcare industry has been changing with the times and adopting more technological advancements to help their day-to-day operations (most recently the COVID-19 contact tracing apps), however again a fault lies in the lack of security put in place to manage and protect these systems. Namely the ever-increasing adoption of IoT devices, which connect to organisational Wi-Fi and communicate between each other; Athanasios Drougkas a network and infosecurity specialist at ENISA (European Union Agency for Cybersecurity) has recently reported a 600% rise in attacks on hospital IoT devices since the beginning of the pandemic.

Unsurprisingly it’s the lack of security regulation and compliance on external devices used that has left the industry susceptible points of unauthorised access to cyber criminals and APT Groups, and it is clear that this is an area that organisations must pay keen attention to.

Another result of the global pandemic has seen a 40% rise in ransomware attacks, with phishing campaigns that use COVID-19 in the title rife. For any employee in the healthcare industry, it’s reasonable to assume that it’s difficult to ignore an email with that title, and so the difficulty comes with employee ability to spot a phishing attempt and report it to the correct authority (as it stands, only around a half of organisations provide frequent awareness training to email scams). To help protect against these popular scams, the employment of a secure voice and messaging feature works best to allow safe and secure passages of communication between workers, without the risk of breach.

It’s no secret to a CISO, CIO or IT Network Manager that ransomware attacks to the system causes downtime, the average of which lasts 3 days (but often can be much longer). Paul Garassus, President of the UEHP (European Union of Private Hospitals) has pointed out that cyber-attacks are no longer simply ransomware or malware, but “killerware”, as any amount of downtime puts patients in danger.

Active threat risk is not the only factor to put patients in physical danger, but also the risk of unauthorised access to patient records. GDPR legislation requires the implementation of software that will remain compliant with protecting the personal information of patients, of which the data is extremely sensitive, including private medical, personal contact and family details.

It has always been a fact that more needs to be done to bolster the security of the healthcare industry, this includes increasing investment, personnel and responsibility when organisations become victims to breach.

At Serbus, we have been assisting companies and organisations in the healthcare sector to improve their device security, whilst providing them with a network where they can communicate confidential details and correspondence securely and safely. Healthcare has always been considered a key part of our Critical National Infrastructure (CNI), and never more so than now.

To speak with our expert team on how to make sure your organisation stays steps ahead of cyber threat and attacks, contact us on [email protected], or call our office on +44 (0)1432 870 879.