Cyber Security in Hospitals and Healthcare Facilities

“Early last summer, Chinese and Indian armies clashed in a surprise border battle in the remote Galwan Valley…Four months later and more than 1,500 miles away in Mumbai….Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst…those two events may have been connected — as part of a broad Chinese cyber campaign…”

In the ongoing tensions between India and China, cybersecurity has become a hot-button issue. Recent reports suggest evidence of foreign malware targeting critical operations in India. Among other operations, Indian healthcare facilities are perceived as key targets of cyber attacks. With the recent digitisation of their operations, hospitals are particularly vulnerable to these attacks. Against this background, this blog explores the sensitive nature of healthcare data and suggests ways for hospitals to protect themselves against cyber attacks.

PII and PHI

Healthcare data is sensitive because it involves both personally identifiable information (PII) and protected health information (PHI). PII refers to data that could ‘possibly identify a specific person’. Examples include address and credit card details. PHI refers to ‘any information in a medical record created in the healthcare process’. This could refer to health information such as blood type and allergies. Arguably, PHI is even more sensitive to handle since it cannot be changed.

Incidents of Data Breach

The extent of the damage done to hospitals is reflected in incidents of data breaches. In July 2015, UCLA Health reported a data breach of the records of 4.5 million patients. Investigation revealed that basic encryption of medical data had not been carried out, which made the data vulnerable. As a consequence, names, dates of birth, Social Security numbers, Medicare and health plan identification numbers, as well as some medical information, were exposed to hackers.

Measures for Protection

To protect healthcare facilities effectively from cyber attacks, we outline the following measures:

● Robust IT platforms: It is important for hospitals to have robust IT platforms with a strong application base. These applications should not constantly break down. If they do, they should be restored quickly.

● Responsible Planning: Hospital staff should carry out regular planning to review the risks posed to the systems. Anti-malware software needs to be installed and regularly updated. And if possible, data needs to be encrypted.

● Training and Awareness: Humans can make mistakes and can err in judgement. To reduce the risks in decision making, regular training and awareness is a useful tool. Learn.MetahOS.com has a course on cybersecurity, which can be useful for hospital staff.

In conclusion, increasing digitisation will expose hospitals and healthcare facilities to new risks. Healthcare facilities face extra responsibilities due to the sensitive nature of the information. To secure all fronts, strong technology partners can be critical.

References:

https://economictimes.indiatimes.com/news/defence/china-appears-to-warn-india-push-too-hard-and-the-lights-could-go-out/articleshow/81266286.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

https://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html

Argaw, S.T., Troncoso-Pastoriza, J.R., Lacey, D. et al. Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. BMC Med Inform Decis Mak 20, 146 (2020). https://doi.org/10.1186/s12911-020-01161-7
