Cyber Security in Hospitals and Healthcare Facilities

“Early last summer, Chinese and Indian armies clashed in a surprise border battle in the remote Galwan Valley…Four months later and more than 1,500 miles away in Mumbai….Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst…those two events may have been connected — as part of a broad Chinese cyber campaign…”

In the ongoing tensions between India and China, cybersecurity has become a hot button issue. Recent reports suggest evidence of foreign malware targeting critical operations in India. Among other operations, Indian healthcare facilities are being perceived as key objects of cyber attacks. With the recent digitisation of operations, hospitals are particularly vulnerable to these attacks. In this background, this blog explores the sensitive nature of healthcare data, and suggests ways for hospitals to protect against cyber attacks.

PII and PHI

Healthcare data is sensitive as it deals with both Personally Identifiable information, and Protected health information. Personally identifiable information refers to data that could ‘possibly identify a specific person’. Examples include address and credit card details. Protected health information refers to ‘any information in a medical record created in the healthcare process’. This could refer to health information such as blood type and allergies. Arguably, PHI is even more sensitive to handle since it cannot be changed.

Incidents of Data Breach

The extent of damages done to hospitals can be reflected in incidents of data breaches. In July, 2015, UCLA health reported a data breach of the records of 4.5 million patients. Investigation revealed that basic encryption of medical data had not been carried out, which made the data vulnerable. As a consequence, ​​names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information were exposed to hackers.

Measures for Protection

For effectively protecting the healthcare facilities from cyber attacks, we outline the following 1​

measures​ :

● Robust IT platforms: It is important for hospitals to have robust IT platforms with a strong application base. These applications should not constantly break down. If they do, they should be restored quickly.

  • ●  Responsible Planning: Hospital staff should carry out regular planning to review the risks posed to the systems. Anti-malware software needs to be installed and regularly updated. And if possible, data needs to be encrypted.
  • ●  Training and Awareness: Humans can make mistakes, and can err in judgement. For reducing the risks in decision making, regular training and awareness is a useful tool. Learn.MetahOS.com has a course on cybersecurity, which can be useful for hospital staff.In conclusion, increasing digitisation will expose hospitals and healthcare facilities to new risks. Healthcare facilities face extra responsibilities due to the sensitive nature of the information. For securing all grounds, strong technology partners can be critical.References:https://economictimes.indiatimes.com/news/defence/china-appears-to-warn-india-push-too-hard-and-the-lights-could- go-out/articleshow/81266286.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

    https://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html

    Argaw, S.T., Troncoso-Pastoriza, J.R., Lacey, D. e​ t al.​ Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. ​BMC Med Inform Decis Mak​ 20, 146 (2020). https://doi.org/10.1186/s12911-020-01161-7