VIDEO: Healthcare and Cybersecurity Concerns
American Military University IT program director, Dr. Kevin Harris, discusses the critical need for medical facilities to protect patients’ medical data and secure a core component of our nation’s critical infrastructure. To do this, professionals in the field can mitigate cybersecurity risks by addressing them head-on in a multilayered approach.
The Department of Homeland Security identifies healthcare as one of 16 critical infrastructure sectors. The federal mandate for electronic medical records has created a target-rich environment for cyber attacks in healthcare. For medical facilities to protect patients’ medical data and secure a core component of our nation’s critical infrastructure, cybersecurity risks must be addressed in a multilayered approach.
This approach should include a strong security framework, training, protection for Internet of Things devices, and forensics.
Creating a strong security framework is essential and serves as a baseline foundation that consists of traditional best practices, including strong security policies, a well-designed infrastructure, competent technical employees, patch controls, backups, and strong access controls.
Training is another layer that medical facilities should address. Because sensitive medical records and personally identifiable information are shared with multiple healthcare employees, it is imperative to develop and regularly update robust training programs.
Another component of this multilayered approach is securing Internet of Things devices. Healthcare institutions have become significant users of smart devices, which can be implants, wearable devices or other equipment used to provide or monitor patients’ care.
These devices often transmit data wirelessly and allow providers to remotely check patients’ vital signs.
Unfortunately, smart devices introduce another attack vector for hackers. Attackers can disrupt or modify wireless communication or even remotely drain the batteries in devices such as insulin pumps and pacemakers.
When medical facilities select smart devices for patients, they should consider device security features, including the ability to warn a patient when the device is under cyber attack. That alert would allow a patient to leave the attack area.
The next layer of strengthening healthcare cybersecurity is digital forensics. In the event of a breach, it is critical for an incident response team to identify and stop the attack. The attack must also be documented in a manner that can be used in the attacker’s prosecution.
The medical community has a daunting task in securing patient data from attack, and that responsibility is not likely to ease anytime soon. Remember, even patients are part of the solution: they can help by ensuring portals are secure and not shared.
There is no universal panacea when it comes to mitigating cyber threats, but best practices in cybersecurity dictate a multilayered approach.