Despite progress on several security fronts, experts say it’s time to treat our medical system as critical infrastructure
Healthcare Security: Hackers taking control of pacemakers and insulin pumps. Nation-states attacking an entire country’s medical infrastructure.
These are just a few of the potential security dangers that security experts say face the United States healthcare system. But is the system and its patients more secure today than in the past? Here’s what the experts have to say.
What the Security Reports Say
Perhaps the most in-depth examination of healthcare cyber security was carried out by the Healthcare Industry Cybersecurity Taskforce, funded and overseen by the federal Department of Health and Human Services. When the group released its final report in 2017, it summed up its findings succinctly: “Healthcare security is in critical condition.”
Further, it pointed to a “severe lack of security talent,” vulnerable legacy medical equipment, and the difficulties of protecting an almost impossibly complex medical system made up of “very large health systems, single physician practices, public and private payers, research institutions, medical device developers and software companies, and a diverse and widespread patient population.”
A 2018 Symantec report, followed, and warned that healthcare cyber risks were rising, in part because health data has become a high-value target for cybercriminals. Perhaps even more frightening, it added, healthcare organizations have become “high-profile targets for hacktivists and nation-states.”
What the Experts Say
Dr. Christian Dameff, an emergency room doctor at the University of San Diego and cyber security researcher with a focus on healthcare, says the results are mixed.
“There’s been progress,” he says, “But we’re still far behind where we need to be. We still have daily breaches. We don’t do a good job with data security. But at least we’re beginning to recognize the problems and turn the tide.”
Large hospitals and healthcare systems in metropolitan areas are the most protected, he says, because they have the funds and sophistication to address the problems. But facilities in more remote and rural areas lack funds and know-how, and so are most at risk.
But even the most sophisticated hospital systems, he believes, “don’t have a coherent cyber security strategy in place. It’s not because they don’t want to. It’s because no one has been able to establish one yet. You can’t just borrow a security playbook from finance or other industries. The healthcare industry is far more complex than other industries when it comes to cyber security.”
“Facilities in more remote and rural areas lack funds and know-how, and so are most at risk”
Among the difficulties are that hospitals “Are Frankensteins put together from disparate parts — they include hundred-plus vendor systems with poor interoperability between equipment.” Medical devices such as CT scan machines frequently run on outdated operating systems like Windows XP that can’t be properly protected — and large systems can have hundreds of such devices, each with their own unique, one-off security challenges.
He adds that in other sectors, such as the financial industry. So, it’s easy to know when you’ve been attacked — money goes missing. But in healthcare, people get sick and die every day, and it can be difficult to know the reasons for it. So, there are no obvious red flags that signal a hacker has invaded a system.
Urgency, not Panic Needed
Symantec Technical Architect Axel Wirth says that despite the myriad cyber dangers to the healthcare system, “I don’t think it’s a ‘the sky is falling’ type of situation, so we shouldn’t panic. But we should proceed with a sense of urgency.”
However, he says that hospitals are still in danger of being victimized by ransomware, malware, and other attacks, and he concurs with Dr. Dameff that the complexity of the healthcare system makes it difficult to protect it. He suggests a number of solutions, including medical device makers warning hospitals and doctors about device vulnerabilities. So, Hospitals including security requirements in purchasing agreements with manufacturers, and the government taking actions to ensure new devices meet cyber safety requirements.
Dr. Dameff adds that there has been progressing in cyber protections, notably by the FDA in security regulations for new medical devices. But ultimately, he believes the solution to medical cyber security requires much more than isolated actions from the government, the industry, and manufacturers. The only way to protect the healthcare industry and patients, he concludes. So is that that government and industry “treat our medical system as critical infrastructure, in the way they treat our electrical grid. Only then can we make real progress towards securing it.”
Healthcare security Service You’ll Need to Be Successful
Before you decide to hire a guard, be sure each candidate possesses these important security guard skills. For even more qualities a successful security guard should have, read more here.
They all boil down to the individual’s ability to serve your clients and protect the public while also maintaining a professional aura. The moment they don that uniform, lives are in their hands. There is no time for slacking off.
You can’t put a price on the security of your business. Hiring a security guard is the smart thing to do, while security systems have a role to play; they can’t protect humans in emergencies.
If you’re looking for a commercial security company to protect your business then look no further than Lighthouse Security Service. The company is a licensed/insured private security agency that provides protection to many companies, hotels, and so on. Our security services are having in-depth training to handle various scenarios that can come up on the job.
Make your business protected by contacting Lighthouse Security today and get assistance with any of your business’s security needs.
