Health networks must stay on offensive against cyber threats

July 8, 2022

According to a release from Philips, the exponential increase in the volume and types of data lends itself to increased vulnerabilities and cybercrime in today’s health networks.

The proliferation of connected health devices today has the potential to improve both the clinician experience and patient care, while driving cost-saving efficiencies across a health system. Hospitals, which were once less preyed upon by cybercriminals, are now among one of the most prominent targets, with 2021 being a record-setting year for healthcare data breaches. As health systems look to connect care across growing care settings both within and outside the hospital, an end-to-end security strategy is imperative to ensure a seamless and secure flow of information.

Most of today’s healthcare leaders recognize the need to be prepared for cyberattacks, but many emphasize defending their IT systems and data with firewalls or intrusion detection software. While protecting these assets is critical, and a shared responsibility, today’s environment also requires an offensive strategy. Such a strategy includes bolstering staff’s awareness and preparedness to ensure all involved are ready to react in the event of a breach and partnering with a trusted technology provider with a security-first mindset to help guide proper technology integration, monitoring, and response planning.

A strong cybersecurity strategy involves efforts to help shift staff attitudes from reactive to proactive. Healthcare organizations and vendors need to have a thoroughly tested plan in place if a “successful attack” occurs to ensure confidentiality, integrity and availability of critical data and the systems that house that data. Such a plan determines the immediate next steps to expel the attackers from the infrastructure quickly without disrupting business or patient care – who do they involve? What is each responder’s role? How long will it take to transfer data to backup servers? Even the most seemingly solid, detailed incident response plans (IRPs) need to be rigorously exercised – more often than not, rehearsing one’s plan leads to critical learnings around areas for improvement.

Frequently, cybersecurity IRPs are developed with good intentions but then filed away for later. Instead, these plans should be continuously rehearsed and revised as cyberattacks become increasingly sophisticated and hospital IT systems change.

Of course, every cyberattack is unique, and one can never be fully prepared. Consistently practicing the incident response plan, learning from other hospitals, updating the plan accordingly, and ensuring staff is trained to execute next steps will help to safeguard physical and digital assets in many scenarios. Taking these actions may not only help to protect systems, but also bolster the care team’s confidence.

Identifying a knowledgeable and committed IT security partner is key to minimizing the impact of a cyberattack and even potentially preventing attackers from infiltrating assets in the first place. Such a partner recognizes that cybersecurity does not stop at protecting an individual product but instead requires a systemic approach, infusing security principles from product design, to testing and deployment, to establishing robust procedures for monitoring and incident response management. Technology providers can speak to their experience and best practices across many clients and provide evidence-based guidance for the most effective response plans.

The right partner can also help simplify the complexity and variety of one’s IT systems – the primary driver of security vulnerabilities and ineffective IRPs. While the recent surge in digital health innovation and adoption holds great potential for transforming care delivery, health systems need to prioritize end-to-end integration strategies that simplify and connect their tech infrastructure. This can help reduce an attacker’s entry points, streamline system monitoring, and can ultimately help to make security more manageable and cost-effective.

Philips release

Photo 170554520 | Business © Kseniia Kolesnikova | Dreamstime.com
ID 154742479 © Pop Nukoonrat | Dreamstime.com
Photo 284411646 | Ai Healthcare © Yuri Arcurs | Dreamstime.com