Together we can stay ahead of cybercriminals
The need to protect sensitive information in health is not a new topic. But what is new is how the threat landscape is evolving. This is the result of the extension of care and information sharing beyond traditional clinic and hospital environments, and the ever-increasing number of devices in health with the Internet of Things (IoT) as Leslie Sistla recently discussed.
What’s pleasantly surprising is that while medical devices have been shown in testing to be vulnerable to cyberattacks, we have seen very few breaches of these devices in the real world. In fact, one of the biggest health organization security breaches at Community Health stemmed not from a medical device, but a network device.
Still, health organizations need to be vigilant about making sure they have updated security features on all their devices to keep cybercriminals out. Oftentimes, the data from medical devices isn’t really what’s most valuable to criminals. Rather, they’re looking for ways into a health organization’s network so they can get at their EHR, financial, and operational systems. They may target medical devices to tunnel into a health organization’s systems and then go after sought-after information such as social security and other Personally Identifiable Information (PII) that can be used for fake identities, tax fraud, billing scams, and more.
We’re also seeing some disturbing signs through our digital crimes unit of an increasing propensity for criminals to hack into devices and networks not just for data, but for control. In other words, criminals aim to take an organization’s systems hostage to extort a ransom for returning control to the organization. You can imagine the implications of this to a hospital’s operating room systems, for example.
But we mustn’t let the fear of these issues come in the way of what’s needed in the industry-which is the continued transformation of health delivery through IoT to increase care quality, access, and efficiency.
And the good news is that health organizations can take advantage of modern security tools for an end-to-end approach to help protect against cyberthreats on all fronts. Microsoft and our partners work hard every day to offer capabilities that help secure devices and services across the vast and ever-changing health IT landscape.
As Leslie wrote, we’re at the forefront of addressing rapidly evolving laws and regulations. And it’s great to see progress such as the EU’s digital single-market strategy, which will help streamline requirements and increase interoperability of health IT solutions with cross-country regulations.
We also understand that the rigors of regulatory compliance-particularly through the FDA- tablets-and that our medical device partners face has slowed the upgrading of some of the devices out there. But we urge everyone to move as quickly as they can to replace older devices with newer, more secure, and more updatable devices.
Health organizations today need to look at the entire threat landscape, whether it’s IoT across and beyond their organization or simply how their staff log in and out of their tablets-and we’re here to help make that process as painless as possible. For example, new technologies coming down the line with Windows 10 such as Windows Hello will enable highly secure logins based on facial recognition.
It’s no small task, but with a concerted, collaborative effort the health industry can continue innovating, whilst enabling the security that we all want and need to help ensure that incredibly personable and valuable data is not open to nefarious use.
Please let us know if you have any questions, feedback, or your own IoT or cybersecurity story to tell via email, Facebook, or Twitter.
