Cybersecurity in Healthcare

Healthful Vitality | 04/07/2019 | By Dr. Faiq Shaikh, MD | Cybersecurity in Healthcare

Technology is becoming an all-pervasive component of medicine. While biotechnology and healthcare benefit immensely from technological advancements, they are also susceptible to the inherent and novel challenges of technology. There are significant concerns for medical data security, medical device integrity, and the current limitations in informatics. It is critical to identify them, not only as a matter of academic interest but also practical diligence. They need to identify to ensure undisrupted and safe use of medical technology. As big data becomes commonplace in the realm of medicine, we address these critical points of vulnerability. And we need to explore possible solutions.

Evolving Technology and Cybersecurity in Healthcare

While the electronic medical record systems and digital imaging saves papers, frees up clutter and provide us data mining and interoperability, they are vulnerable to downtimes and security breaches. The latter is a critical consideration for new medical devices designed for clinical use, such as cardiac pacemakers, bionic implants and external sensors. The reports of data breaches are common and it is important to evaluate the current landscape of cybersecurity threats, challenges to address them and provide meaningful and robust solutions.

Cybersecurity Threats in Healthcare

Cybersecurity threats in healthcare are on the rise. According to a recent survey, nearly 90% of healthcare organizations have suffered from a data breach in the past 2 years, with 64% reporting a successful attack targeting medical files in 2016. Numerous factors have contributed to this rise, including low organizational vigilance likely due to insufficient IT funding. Hackers are ready to take advantage of such lax security standards on medical devices, resulting in critical down-times, data theft and possibly life-threatening conditions. Furthermore, these medical devices are connected to a wide network of sensors and monitors, and when hacked serve as potential entry points to larger hospital networks, making them prone to getting hacked into as well. There are have been quite a few ransomware attack that held vital systems hostage for money.

Standardized Protocol for Cybersecurity Compliance

Presently, not all electronic devices used in the healthcare are vetted through the hospital IT department to undergo a standardized protocol for cybersecurity compliance. There is a general lack of FDA guidance to manage these medical devices in use, and very little is in place for those in the pipeline. Of these, ICDs, Infusion pumps and CT scans are at the highest risk for security breaks. But recently, FDA has released post-market management guidelines for manufacturers of medical devices to update these devices with the correct security protocol.

These medical devices need to have a built-in security system as an industry standard. Furthermore, they all must be vetted through the hospital IT department for proper integration into the hospital network to ensure secure data exchange. It is also extremely helpful to educate the employees and the patients about the proper use and care of the medical devices they use and the potential security risks involved. Only authorized technicians in registered workshops should be allowed to handle their maintenance and repair. The hope is that the next-generation medical devices, especially in the era of Internet-of-things (IoT) are likely to be more secure and backed with cybersecurity support, ensuring patient wellbeing as well as systems integrity.

Related Article: Digital Transformation in Healthcare Industry

References:

1. Cybersecurity in healthcare: A systematic review of modern threats and trends. Kruse CS, Frederick B, Jacobson T, Monticone DK. Technol Health Care. 2017;25(1):1-10. doi: 10.3233/THC-161263.
2. Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Coventry L, Branley D.Maturitas. 2018 Jul;113:48-52.
3. The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity. Busdicker M, Upendra P. Biomed Instrum Technol. 2017 Sep 2;51(s6):19-25. doi: 10.2345/0899-8205-51.s6.19.
4. Cybersecurity Implications in an Interconnected Healthcare System. Smith C. Front Health Serv Manage. 2018 Fall;35(1):37-40.
5. Cybersecurity and healthcare: how safe are we? Martin G, Martin P, Hankin C, et al. BMJ. 2017 Jul 6;358:j3179. doi: 10.1136/bmj.j3179.