The Cyber Fears Hospitals Face Today: What You Need to KnowToday’s hospitals are as digitally connected as any other modern facility—but their data is often much more sensitive. Unfortunately, many health care facilities aren’t doing enough to protect their equipment, patients, and connected devices from cyberattacks.

In early 2016, one hospital in California was forced to pay $17,000 in ransom to cybercriminals to protect the hospital and its patients. The attackers locked down the hospital’s network for ten days, leaving patients at risk and health care providers in a precarious position. Hospitals don’t typically go public with information about cyberattacks, but a report from the Ponemon Institute found that 90 percent of health care facilities faced breaches in 2014 and 2015.

How Unified Communications Can Help Prevent Breaches

Hospitals who deploy unified communications (UC) and video conferencing may be in a better position to halt attacks in progress and stay up-to-date on the latest cyber security measures. UC technology can automatically notify IT security staff or equipment vendors when equipment has been breached.

Hospital IT specialists can meet with vendors or manufacturers and even receive virtual training through video conferencing to ensure hardware and firmware are up to date and secure. By working together, vendors and health care providers can strengthen defenses against cyberattacks in multiple ways.

Discover Cyber Attack Entry Points

Attackers have numerous pathways to access hospital networks and bring operations to a halt. Connected electronic medical equipment resides on the hospital’s internal network, as do confidential patient records. While internal systems are secure, attackers gain access to hospital computers connected to both the internal networks and the internet. Hospitals that offer Wi-Fi to patients and visitors may also create a vulnerable entry point for cybercriminals.

Today’s “smart”—that is, network-connected—medical implants may also represent an attack entry point. Devices such as insulin pumps that transmit data to health care facilities so physicians can monitor a patient’s health give hackers in-roads to the hospital network and stored patient data. Nefarious hackers could, theoretically, affect the operation of the implanted device. Fortunately, no attacks have been reported on these life-saving medical devices, specifically, but the fear lurks in the minds of health care providers and security experts seek ways to protect these devices and others, such as pacemakers.

Identify Barriers to Hospital Security

Medical device manufacturers often dictate equipment updates and security, preventing hospitals from adding security features that could prevent an attack. The chief information security officer at Beth Israel Deaconess Medical Center in Boston described the real ramifications of unprotected medical equipment to a medical-device panel. In his example, malware bogged down fetal monitors used for high-risk pregnancies, inhibiting data tracking capabilities.

Until the manufacturer decided to replace the system, the hospital had no means to prevent further attacks proactively. Fortunately, no patient suffered injuries. However, the scenario showcases a real vulnerability and barrier to sufficient security.

Other obstacles to adequate security include regulatory restrictions and a lack of hospital-specific security education. Hospitals use so many interconnected devices and equipment that keeping up with the latest security threats presents a significant challenge.

Protect Your Facility with Proactive Security Precautions

Health care facilities will likely never find a one-size-fits-all solution to cybersecurity, but they can take steps to improve security and reduce the risk of cyberattacks:

  • Stay in communication with equipment vendors via voice and video conferencing. They can work with medical device manufacturers to address current security concerns.
  • Use the latest security solutions to protect your facility and patients. For instance, MIT researchers created a device to jam the signal if it identifies an unauthorized connection to a medical implant.
  • Improve continuing education. Employees may unwittingly open a hospital’s network to attack if they use the internet on a hospital computer. Engage employees in the cybersecurity process to further reduce vulnerabilities.
  • Encourage open lines of communication. Timing is everything in a cyber-attack. Invest in a unified communications plan—including video collaboration—tools to improve response times and address threats quickly.

The online threat landscape changes constantly. All modern organizations must proactively address security considerations. In health care environments, in particular, having a well-developed cyber security policy that leverages unified communications for faster response times and training can protect patient data—and even save lives.

At Advanced AV we empower live meetings and remote collaboration by deploying the technology that helps your organization connect, communicate and engage with its customers, employees and stakeholders. Connect with us to find out more about how Advanced AV can help you achieve your business and technology goals.

photo credit: Comment se fabriquer un mot de passe efficace ? via photopin (license)