Due to medical devices being connected to a healthcare facility’s network, when they become vulnerable to cyber security threats and the possibility of infection this creates a risk to the effective operation of the devices (and the facility itself). This risk leads not only to the malfunctioning of devices, but also to the potential breach of sensitive business and patient data.
A cyber security vulnerability exists when there is an opportunity for unauthorized access to a network or device. This situation jeopardizes the safety and correct operation of a hospital, clinic, business, and any organization that uses a network to function.
Four areas of the cyber security challenge healthcare executives and CIOs should keep in mind to better secure their facility and give their patient’s the reassurance they need are:
Facilities and medical device manufacturers don’t tend to work together. This results in cyber security vulnerability risks not being taken care of in a timely manner.
Not having anyone to review medical device software changes makes it hard to know if the installations, updates or patches required for correct device functioning have been effectively made and/or installed.
Sometimes, the computers and BYOD devices used in a hospital can be infected by malware. Not having knowledge of this infection puts all patient data, monitoring systems and devices in danger of outside access and breach.
Password protection and potential loss is another area that renders healthcare facilities and their devices at risk of cyber attack. It is important to ensure a strong password security system and plan, which can not always be implemented in house.
The repercussions for organizations when medical device malfunctioning and/or network and data breach occur include: hefty fines, bad publicity and ultimately, the possibility of not being able to provide effective services to patients.
What actions can healthcare executives and CIOs take to secure medical devices and facilities from cyber attack?
Four cyber security solutions include:
Regular vulnerability assessments of the facility’s network. This makes it easier to find vulnerabilities and to have the possibility to monitor a network’s activity, which results in being able to know if an attempted outside access has taken place.
Having an expert that knows his/her way around cyber security best practices and latest solutions. It’s like having insurance. Hospitals and clinics that work with information security professionals make it so that they can always have someone to count on for any security challenge. Security challenges such as the correct installation and use of medical device software updates and patches or wanting to ensure that the proper functioning of firewalls has been established.
Periodic network assessments are also helpful. They not only assist with the above mentioned points, but can also find ports that are unnecessary and should be disabled; as well as ensure the security plan established by a facility is being executed correctly.
Last, but not least, CIOs and executives need to develop a long term security strategy. This can ensure business continuity and healthcare facility functionality following an attack or during a crises situation due to unforeseen conditions.
The continuous evolution and changes that take place in the cyber security threat arena make keeping a network secure and providing safety to employees and patients challenging.
Unfortunately, there isn’t a one time solution, but luckily nothing is hopeless. Healthcare CIOs and executives are always doing their best to find the top fixes to their network’s security needs. Often times this includes inside work, but also working alongside an outside security professional or team to triple the security systems’ results and effectiveness.
How are you protecting your healthcare facility from cyber security threats and attacks?
Photo Courtesy of Harland Quarrington/MOD