In this article, we will focus on our Cybersecurity in Healthcare Podcast. The podcast is about cybersecurity issues in healthcare organizations.
Today, the healthcare sector is highly susceptible to cyberattacks, as healthcare organizations store a large amount of personal and medical data that hackers can use for their own gain. Further, you can see the statistics on 2021 global data breaches in the healthcare field.
Data and research show that more and more healthcare organizations are digitalizing, simplifying routine processes, and generally improving treatment methods and patients’ lives. But a healthcare organization that has decided to digitalize also needs to think about its security; as said earlier, it stores a lot of personal and medical information that hackers are hunting for. That’s why we decided to record a podcast on cybersecurity in healthcare. You can listen to the podcast or read this article describing it.
About our guest
Rafael Reis has 12 years of experience in engineering, cybersecurity, and research. He is Technology Manager at Memed, a digital healthcare company, and he is also an independent cybersecurity researcher.
Why did you start doing cybersecurity?
Rafael started doing cybersecurity out of curiosity; when he was 17 years old, he started learning how to protect against cyberattacks. Then he met Daniel Donda, a Microsoft MVP (Most Valuable Professional), who showed him that he shouldn’t pay for courses; he could start in cybersecurity by searching Google for information.
The importance of cybersecurity in healthcare organizations
Why does cybersecurity matter in healthcare org/startups?
In the healthcare sector, we deal with a massive amount of important information. There is also a lot of personal patient data that hackers can leak online, use to manipulate people, extort money, and do other bad things.
Types of cyberattacks and their real examples
Do you have any stories related to cyberattacks in healthcare organizations?
In the podcast, Rafael talks about the 2021 attack on the websites of the Brazilian Ministry of Health, which store a large amount of patients’ medical and personal data. Hackers copied and deleted all this data from the ministry’s websites, demanding contact. Later, a group of hackers, Lapsus$ Group, claimed responsibility but did not specify what they were motivated by.
What is the impact of a cyber attack on a hospital? How could hackers use medical data?
Hospitals and other healthcare organizations are in particular danger because they store a lot of medical data necessary to treat patients, for example, medical history, allergies, and other equally critical medical data. Thus, hackers can extort money or other valuables, or set other conditions for returning the data or restoring system access.
How dangerous is it not to be prepared for cyber attacks? And will it be possible to recover data if a cyber attack has already happened?
It is very important to be prepared for cyberattacks. Suppose an attack happens and a healthcare organization has not made a backup. In that case, attackers will most likely be able to manipulate it by claiming that they copied its data and deleted it from its database. But a backup alone will not protect you from cyberattacks.
Why do medical devices need cyber security?
Medical devices need cybersecurity because most of them are directly involved in maintaining the patient’s health or even life. Thus, hacking or any other interference with the operation of a device, up to disconnecting it and demanding a ransom, can lead to the deterioration of the patient’s health or, in extreme cases, even loss of life.
Errors leading to hacks and how to avoid them
What are the most common mistakes in cybersecurity in healthcare organizations?
As mentioned earlier, healthcare organizations store a lot of personal information about their patients and a whole set of medical data. So healthcare organizations should be more prepared for cyberattacks than other conventional organizations, due to the great responsibility that comes with holding their patients’ data. Most cybersecurity-related mistakes in healthcare organizations are caused by human error, so healthcare organizations must prepare their personnel for cyberattacks such as phishing (a type of Internet fraud whose purpose is to gain access to confidential user data such as logins and passwords) and other similar social engineering tricks.
What is cyber hygiene?
Cyber hygiene is the formation of useful cybersecurity habits that keep you from becoming a victim of cyber threats and help you avoid network security problems. Cyber hygiene is sometimes compared to personal hygiene: in both cases, these are regular precautions to ensure health and well-being.
So Rafael suggested using complex passwords everywhere, with numbers, lowercase and uppercase letters, and symbols, trying to change passwords as often as possible, and making backups. But we understand perfectly well that doctors have enough other worries. First of all, they are doctors, and they don’t have time to study such things on their own, so it would be great to organize webinars to share valuable articles with them.
Some programs make it easy to train doctors and other healthcare professionals to take initial precautions. For example, Memed, the company where Rafael works, uses a game-based training program in which the company sends emails with a virus to its employees to check how prepared they are for cyberattacks.
What precautions should be taken to protect healthcare organizations?
To begin with, you need to respect and adhere to the privacy rules of the country where you conduct your healthcare activities. As mentioned earlier, try to change and complicate passwords frequently, make backups, and have security keys.
Keep your software updated. Here, Rafael meant security software, since hackers do not stand still and keep inventing new viruses. When the security software is updated, its database is updated too, so it is ready to resist new viruses.
In conclusion, I would like to add that digitalization simplifies routine processes and improves many processes of treatment and prevention of diseases, allowing you to monitor the condition of patients from a distance. But do not forget about security, as healthcare organizations store a lot of personal and medical data that hackers can use for their purposes.
If the safety of your healthcare product is also important to you, then you can learn by example how we handled this by reviewing our client’s case study below.
Medical Social Web App
This solution had to be created from scratch. It was important for us to create a solution that fully meets the needs of our clients and the specifics of the healthcare industry. So we were able to make an easily scalable, reliable, secure, and HIPAA-compliant solution that meets all industry standards. The end project consists of web and mobile apps powered by an AI system that helps to find a specific treatment strategy based on other users’ input, backed by additional medical or non-medical staff who will help users achieve their goals.