Earlier this year, one of the Czech Republic’s hospitals, which is also a coronavirus disease 2019 (Covid-19) testing laboratory, became a victim of a cyberattack. The attack forced the hospital to shut down its information technology network, postpone surgeries and move some of its patients to other hospitals. With the pandemic still in full swing here in the Philippines, these cyberattacks on other countries’ hospitals serve as a warning for our healthcare industry to take cybersecurity seriously.
Following that incident, the Cybersecurity Bureau of the Department of Information Communications and Technology (DICT) immediately advised local hospitals and healthcare facilities nationwide to install emergency backup systems to ensure continuous operations.
At a time like this, the disruption of healthcare operations is a huge risk.
The healthcare industry has evolved to heavily depend on network infrastructure. This evolution has exposed hospitals and healthcare facilities to increasing cybersecurity and privacy threats. However, some of our healthcare organizations are not yet equipped with the right policies, people and technology infrastructure to deal with cyberattacks.
With the Covid-19 crisis, cyber criminals can capitalize on the pressure faced by health organizations to plan their cyberattacks and take advantage of vulnerable systems.
The effects of these cyberattacks, which could include compromised patient data, medical equipment malfunctions, or disruption of operations, can be very damaging not only to the organization, but also to the health of individuals.
Top cybersecurity concerns
Social engineering. Sending spam emails that include malicious links and attachments to healthcare officials and personnel is one of the common and simple ways to obtain information and access credentials. When such an attack succeeds, cybercriminals can gain access to a computer or to the healthcare information system or network. They can then exploit this access to steal medical records or sabotage healthcare operations.
Targeting telehealth services and technologies. To help fend off the spread of Covid-19, healthcare organizations have implemented telehealth and work from home arrangements, including use of mobile or online medical apps, patient portals and contact tracing apps. While telehealth services provide patients remote access to health services and information, cyber criminals can also take advantage of this, targeting remote connections, online services platforms, and remote offices and personnel.
Lastly, the lack of visibility into the organization’s network and connected devices is also one of the commonly overlooked cyber risks. Because of the pandemic, the use of mobile devices and remote technologies has increased. Without an efficient system to monitor and manage these devices, cyberattacks may happen easily.
Reducing the risks
As the old expression goes, prevention is better than cure. Healthcare organizations need to identify their critical information technology assets and the important data they have, then design a plan to protect them. They could consider installing strong, up-to-date antivirus and malware protection on computers, along with encryption tools and email security systems. They could invest in sophisticated data loss prevention software to ensure that sensitive data is not lost, misused or accessed by unauthorized users.
With all that said, technology can only do so much. The main protector of sensitive data and information is still the organization’s personnel. Providing cybersecurity awareness training and education to employees should be a priority in order to prevent cyberattacks.
Furthermore, having a designated security advisor to provide guidance, suggest best practices, and develop security policies should also be considered.
Generally, many industries face similar challenges when it comes to the strength of their cybersecurity efforts. However, authorities concerned with nationwide information and technology are zooming in on the healthcare industry because of the Covid-19 crisis.
Nevertheless, with or without this pandemic, the healthcare industry still faces a huge challenge with regard to cybersecurity. If cybersecurity is given utmost importance by the healthcare industry, there will be one less challenge to solve.
Jan Nolasco is a Managing Consultant of the Advisory Services Division of P&A Grant Thornton. P&A Grant Thornton is one of the leading audit, tax, advisory, and outsourcing firms in the Philippines with 24 Partners and more than 900 staff members.
As published in The Manila Times, dated 30 September 2020