Protecting healthcare data, securing hospital systems

 

Healthcare organizations are valuable and sensitive infrastructures, but they are having to deal with ever-growing and increasingly sophisticated cyber threats.

 

The healthcare industry is challenged to maintain good cyber security because many institutions have complex, layered networks with fragmented healthcare IT systems.

 

Healthcare data is extremely valuable too. Healthcare information has all of your most sensitive data all in one place making it very popular for identity theft, billing and insurance fraud, and extortion. Unlike credit card data, which you can change and replace, you cannot change your healthcare data easily.

 

 

The endpoint for any discussion on healthcare cybersecurity and medical information privacy ultimately comes down to one word: trust. In an ecosystem that is composed of multiple stakeholders – industry regulators, healthcare leaders, clinicians, patients and manufacturers of health IT equipment such as Philips Healthcare – each party has a role to play.

 

An area of industry consensus is the need for continued co-ordination between healthcare providers and manufacturers to deal with security concerns. Among healthcare providers, steps are being taken to incorporate cyber security into the technology and network architecture upfront, increase investment in cyber security teams, and take a broader view of the security value chain³.

 

Through collaborating across the healthcare ecosystem, the industry can build on advances made by other critical infrastructure industries, supporting the advantages that digital connectivity will bring for patient care. “There is no one golden solution. Instead of it being a burden, we have to embrace security and privacy into our organizations,” says Michael McNeil, Head of Global Product & Security Services, Philips Healthcare. “Every one of us within this ecosystem needs to play our role in mitigating this threat.”

 

Clearly understand what products and assets are in your environment.

Work with technology partners on any legacy types of products and solutions that might not have the capability to be updated, patched and secured.

Make sure that you are working with an understanding of what are best practices from an industry perspective.

It is important to work on your procurement processes and understand the components within the bill of materials of the solutions you provide.

Consider involving your core vendors (e.g. in imaging informatics) in managing and mitigating your security risks by making sure their solutions meet the latest audio/video and security standards etc., this gives access to skilled security resources, leveraging experience from across the healthcare industry.