Healthcare industry is very prone to cyber attacks because of what it poses and what it provides. The healthcare industry, whether it is a hospital or it’s a ministry, contains a tremendous amount of Privately Identifiable Information (PII). And at the same time it provides an absolutely critical service that literally decides life and death situations.
So, effectively hackers usually go after data. The healthcare industry has tremendous amount of data and very valuable data. At the same time it is very prone to extortion through Ransomware, because if you take down a hospital with Ransomware attack, the hospital has to literally turn away ambulances with critical patients from its door, because its systems are down. They are very susceptible to paying the ransom, just to get their systems live. This is just one of the multiple examples. And then, if you think of the multitude of devices, the multitude of people that work in healthcare industry with a wide variety of IT experience and their primary purpose is not to think about IT, but to save lives. So, the combination of all these factors mean a tremendous opportunity for attackers’ weather they are opportunistically looking for money, or weather they are state sponsored looking for advantage or looking to steal data – This creates a tremendous environment for cyber-attacks.
Cyber Attacks in Healthcare – Impact
Hacking can
impact the healthcare industry in a variety of ways. Again coming back
to what the healthcare industry has and what it provides, hacking can
steal privately identifiable information. Why does it matter? Well, it
can effect individuals or it can become a national security problem. For
example, from an individual perspective if a ministry or hospital gets
hacked and the data gets stolen and sold on the dark web for several
bitcoins or the individual whose data has been stolen are now
susceptible to identity theft. Or for example, somebody can start
claiming maybe Government services in their name. So it’s the identity
theft that can affect the individual or the identity theft that can
affect the Government. Or the other hand, if that information is stolen
by a foreign actor or like another Nation state, there is now a set of
individuals whose private health data is owed by a potentially hostile
Government. Now that is on the data side, and then there is the
operational side. The most typical example of course is Ransomware
taking on hospital and at least in the United States in the past six
months we had several examples and new hackers going behind hospitals
because they know that the hospitals are more willing to pay a much
bigger ransom. But you also have a multitude of IoT devices there. And
when I say IoT, I know it’s a very broad term, you can think of every
single device that sense elementary data every single data cart, every
surgical robot- It’s a multitude of devices and they have a variety of
methods of patching, some of them are more modern, some of them are less
modern. I sometimes go to a doctor and still see a windows 7 machine
running. Windows 7 is the end of life. So, there is also the operational
side which is rife for disruption, which also translates into the
hospital not able to take patients.
Cyber Attacks in Healthcare – Challenges
The
challenges are how do you build out a cybersecurity strategy or a
cybersecurity operation without impacting the core machine which is
delivering healthcare. And again, we can talk about the administrative
side, then there is the hospital, the kind of operation side and the
core mission is to deliver healthcare. And you know, traditionally,
cybersecurity is seen as a impairment to the ease of doing work. For
example, it creates more hoops, people have to do more things and then
it gets in the way, that’s the traditional thinking that gets in the way
of people doing work which creates some of the resistance and that’s a
challenge. So the question is how do you allow cybersecurity that is
transparent. Let the organisation perform its core mission which is
deliver healthcare, while at the same time the foundation of IT on which
this organisation is delivering its core mission is rock soild from an
operations point of view and from the cyber security point of view. So
doing that in a way that is transparent and doesn’t cause people to look
for ways around minding conveniences, that is actually a big challenge,
how you roll it out and how do you get people to accept the cyber
security.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
With challenges like that, there are technical answers to this. And by the way you bring up a phenomenal point healthcare industry or any industry has to work with a variety of third party sources and their contractors. In Uinted States, one of the most famous hacking cases was of a large retailor called “Target”. And Target was breached through a contractor. But the contractor had full network access into the Target infrastructure. With the healthcare industry you are working with billing contractors or people who come in & out of the hospital to service. There are technological ways of ensuring that they are at a certain minimum level of cybersecurity or if you grant them access you grant them the absolute minimum level of access they need in order to perform their duties, their tasks which is kind of opposite of the typical approach of the “look look look, let’s just make this work, let me give you full access, make my problem go away”, that type of mentality has to go away. And there are tools in the industry that help IT administrators whether they are in the healthcare or in other industries to be able to do this, to be able to roll this out and again, its all about making cybersecurity transparent but effective.
Cyber Attacks in Healthcare : The Way Forward
The
opportunities forward is with I think, one of the opportunities at a
societal level, the people in general as they use computers more and
more are starting to become aware that cybersecurity is not just some
task to be sought out for afterwards. It is actually part of the core
pillars of any modern digital business or organisation. So one of the
opportunities is, when new systems get rolled out, there is going to be a
lot more acceptance for those systems and people rolling them out now
are – I’m more excited about the fact, are more aware about
cybersecurity. And that awareness is actually a major leap, major step
towards you know building those systems from ground-up with
cybersecurity built-in. On a tactical level what does it mean? Whether
it is proper network segmentation, whether it is all end point devices
that are fully patched and are fully protected and the data is
constantly encrypted and data is never stored/set in plain text. All of
these little components that IoT systems are segmented you know that
everything is patched if I’ve never mentioned that, all of those
components now are at the forefront of thinking of designing new
systems. So as systems get upgraded whether it is healthcare or any
organisation, there is hope, I’m optimistic in that these basic
controls, these basic cybersecurity technologies which don’t get into
the way of people getting their job done are being rolled out as a part
of core infrastructure. And again, there are many technologies out there
that solve many of these problems. It is just that somebody has to
identify that they have this problem and think of proactive step of
action of deploying the technology. Somebody has to take that step.
SonicWall : Activities
One
of SonicWall’s core kind of parts of the mission is to be able to
deliver security that just works right, that it is automatic. It doesn’t
help anymore if we tell you had a virus or you had a Ransomware that
came in 20 minutes ago. Good Luck. That doesn’t work anymore. That’s it,
at this point you may be out of business or your mission might be
impacted. It has to be automated you know what we call automated breach
detection and prevention, you have to prevent it. And also its very
important to get this done in a way that doesn’t break the bank. And a
phenomenal TCO healthcare organisations and many government
organisations, they are not exactly throwing cash around. So you have to
solve the problem but within a reasonable budget. Something that works
and doesn’t require constant babysitting. So operational efficiency, a
product that can be deployed by one or two administrators and they don’t
have to just sit and baby sit it. It just works and tells them when it
needs some attention. So, all these things which is ease of use,
operational efficiency, phenomenal TCO and you know top-notch
securities, those are the core components we deliver to all our
customers and especially industries like Government, Healthcare,
education tremendously benefit from these trends as well.
SonicWall : India Market and future plans
Future
plans. You know one of the aspects with the adoption of cloud and I
know there are different industries, different sectors have different
sensitivities around the cloud. But, nevertheless the trend is cloud
gets adopted. There are cybersecurity model changes. Whether data
resides changes. Today you have data that sits inside your organisation,
tomorrow as you adopt Saas-software as a service, for to reduce costs
and all of a sudden your data lives in the cloud, then I’m not saying
that the cloud providers are vulnerable. That’s not it. Its just that
you now don’t have control of where that data resides. So it is a
different mentality, there are tools again to solve those issues. But it
takes IT administrators and security personal to be aware of those
challenges. And of course, the emerging IoT, just IoT and in the future
with 5G right now it is young, five years from now it will be
ubiquitous. Imagine ubiquitous connectivity to any device on the cloud
then will bring a whole new set of challenges but also opportunities.
We will become much more efficient as an IT society but will bring other opportunities in cybersecurity as well. You know, it’s one of our fastest growing markets, we are very excited to be here with investing tremendously in India, it is also one of our biggest employee hubs as a company it is one of our biggest research centres is here in Bangalore. So it is one of the fastest growing markets especially in cyber security you know in one of the most popular countries in the world. Again, cybersecurity is about people data; the more people you have, the more data you have and more the relevance cyber security is to you. So I see India as a both a potentially huge target for cybersecurity but also an area of tremendous cybersecurity growth in innovation.
Source: Health World