Encouraging Cybersecurity In Medical Imaging
The monetary value of protected health information (PHI) can be enormous. As a result, attackers are employing increasingly sophisticated techniques to gain access to patient health records.
Healthcare organisations are aware of the extremely sensitive nature of patient data, and consequently the importance of protecting it.
The introduction of complex regulatory requirements, such as HIPAA and HITECH, and the significant penalties that regulatory authorities are issuing for negligent or malicious mishandling of patient data, are forcing healthcare organisations to reassess and strengthen their cybersecurity.
Encouraging Cybersecurity In Medical Imaging:
Amid evolving cyber threats, cybersecurity researchers are warning medical device manufacturers and healthcare providers to become more assiduous in protecting medical imaging devices. As medical imaging devices become more connected to hospital networks, they also become vulnerable to sophisticated cyber attacks. Attackers can easily penetrate the computers that control medical devices and block or disable access to them, something that has already happened worldwide. Medical devices present an easy target for hackers. A cyber attack on a medical imaging device can lead to the following four outcomes.
• Scan configuration files can be disrupted, with malware installed that controls the entire CT operation and puts the patient at high risk.
• Medical imaging devices have several mechanical components which receive instructions from a control unit. A malware attack on these components can damage the equipment and injure the patient.
• Image results disruption can happen because medical imaging devices send scanned results via a host computer. An attack may alter results or mix up connected images.
• Ransomware: the malware encrypts a victim’s files and demands a ransom to decrypt them.
To build an active cybersecurity strategy, healthcare providers must understand the threats facing them. They must also consider potential sources of attacks. Attacks are carried out by external parties, but internal actors can pose even more significant threats because they have trusted access to the system. External attacks are typically motivated by financial gain or target a specific individual or organization.
Internal threats can be more challenging to manage, as they can arise out of simple negligence. The typical internal security gaps and concerns include:
• loopholes in process
• unpatched software
• lack of encryption
There are plenty of measures providers and vendors can take to hold off cyber threats. The foremost thing institutions can do to protect their devices is imaging system acceptance testing, which should be undertaken in partnership with the vendor to assess all vulnerabilities. Periodic assessment over the life cycle of the equipment can provide strong protection. Other steps a healthcare system should include are:
• Replacement of outdated devices
• Encryption of interfaces and data at all points
• Cybersecurity training for all employees
Understanding the threats and implementing these security measures is a balancing act between security and being able to do the job. As the interconnectivity of medical devices increases due to cloud computing, analytics, data storage and the expansion of enterprise imaging, the vulnerability will also increase. Only a mature cybersecurity culture with strategic planning can protect organizations.
Cybersecurity And Healthcare: It’s Not Just About Protecting The Data:
Healthcare CIOs have hopefully all now heard and heeded the warnings regarding enhancing their organization’s cybersecurity posture, both in terms of technological sophistication and of staffing and staff awareness. Clearly this new threat has grown exponentially over the course of the last several years, and it seems likely that it will continue to escalate further. The financial and reputational costs of a breach are very large and often last for years, as witnessed by recent multi-million dollar fines levied against organizations several years after the initial incident occurred.
Yet I remain concerned that our focus has been too narrow, with the safeguarding of our patients’ data as the primary issue. Of course, we obviously must ensure that this data remains well-protected and out of the hands of the “bad guys.” We have certainly heard about the value of health records on the open market and how it remains enormously profitable for hackers to go after this information. And as mentioned above, there’s obviously the very real concern of very large financial penalties imposed on organizations for HIPAA violations, and all the other financial losses that go along with a breach.
But there’s an important lesson that I learned back in 2014 when the hacktivist group Anonymous attacked us at Boston Children’s Hospital, and that I have seen play out more recently at hospitals around the country that likewise have been subject to ransomware and other cyberattacks. And that’s that these cyberattacks have the ability to cause major disruptions in the actual provision of care to patients, and to the general operations of a healthcare organization.
During our Anonymous attack experience, we withstood a number of different disruptions, each of which caused different operational challenges for us.