Cybersecurity is surely an issue that plagues every industry. One of those most at risk – and most pertinent – is the healthcare industry. Ransomware attacks in the past have shown the many flaws that exist in the industry – but why is healthcare so prone to cyber-attacks? And what can be done to stop them?
Unlike many other industries, IT system outages in the healthcare sector can be a life-and-death situation. Practitioners often make use of complex technology to deliver the appropriate care to patients, something which cannot be relied upon when threatened by a cyber-attack.
Further to this, there have already been a number of high-profile ransomware attacks on healthcare providers in the UK. In 2017, the WannaCry ransomware attack on the NHS cost it nearly £20m in service outages, forcing it to spend nearly £70m on reassessing its IT systems.
The Health Service Executive (HSE) of Ireland was also the victim of a ransomware attack in May 2021. This led to hospital appointment cancellations across the country, electronic health records (EHRs) becoming inaccessible, and radiology systems going down.
According to an article by Healthtechdigital.com, the matter can largely be broken down into four constituent reasons:
An incredibly complex supply chain
Healthcare providers don’t just have their patients to think about. They must consider the sourcing of cleaning supplies, high-tech machinery, climate-controlled drugs and many other assets. This inevitably leads to a decentralised payment and procurement process whereby many different processes happen simultaneously. Enforcing security across a system like this proves very difficult, but not impossible with the right funding and a holistic approach.
Digitising patient data has come with a whole host of benefits, ensuring it is always up-to-date, easily shared/communicated between departments, and readily available to any practitioner that might need it. Unfortunately, all the attributes of a data-dependent environment also lead to its downfall – easily accessible, up-to-date information ready to download. Cyber strategies will need to develop in tandem with increased digitisation in order to ensure its safe continuation.
Internet-based and outdated devices
Many devices used in the healthcare sector are connected to the internet for the obvious reasons of ease of use and increased communicative ability. Each internet connection, however, introduces another entry point for a hacker. Further to this, many medical practices still run on legacy software such as Windows 7. And, while some of us can remember this getting released, the fact is older software is much more vulnerable to attack as it has less (or indeed no) dedicated support.
Medical staff are known worldwide for working exceptionally long hours. This fact was only exacerbated by the COVID pandemic, which thrust an extra workload upon all medical staff and then burdened them with a backlog of COVID-deferred patients. Human error is one factor here, but so is the genuine lack of time to properly train staff on cybersecurity best practices.
Ensuring a cyber-secure healthcare system is no mean feat. It will take a massive amount of time and investment, coupled with a renewed strategic focus on preventing further attacks. Bad actors will always be a threat, but the technology exists to mitigate a lot of these risks – it just needs the right investment.