Keeping Up with Updates. Is the Medical Industry Ready?
By: Jim Stickley and Tina Davis
July 4, 2019
It may be enough to make you ill. With the healthcare industry being one of the biggest hacking targets to date, security experts fear it’s likely to stay that way or get worse before it gets better. The past years have shown tremendous vulnerabilities for healthcare, including epic ransomware attacks, medical device tampering, and data theft. One of the biggest healthcare hacks we remember, the notorious WannaCry ransomware attack of May 2017, shut down entire hospitals worldwide and held critical patient data and records hostage.
Lessons were learned from WannaCry, but there are many reasons healthcare remains a prime target for hackers. A huge topic on the list is the proliferation of the IoT (Internet of Things). Commonly known in healthcare as the IoMT (Internet of Medical Things), it refers to the increasing layers of technology needed as more and more systems and devices are added over time. It’s making cybersecurity more complicated and demanding, as the IoMT needs to function undisturbed as networks grow. The rapid growth of the IoMT leads to added security vulnerabilities along the way, with no one quite sure how to absolutely protect that increase. The bigger the IoMT, the more it needs defending, especially when lives are at risk.
Securing the IoMT is an awesome responsibility, and the challenge for healthcare organizations of implementing and securing updates to medical technology has become a hot topic. Hospitals don’t always have the latest tools or devices, and patching security systems can be much more difficult and complicated than it may sound. Some manufacturers void their warranty if customers patch, repair, or do much else to existing systems.
Yet another part of future security depends on employee education and the tremendous benefits it reaps. Teaching staff about cybersecurity basics keeps phishing emails from being opened, or malicious attachments from being unleashed. The people who work on the network are the first line of defense, and it only takes one person clicking a malicious link or attachment to unleash a “WannaCry-like” threat.
There are many ways to accomplish this. You can do it yourself, of course. But you can also hire third parties to provide that education and awareness training. Continuous training is always recommended when it comes to phishing, because these tactics and threats change and evolve continuously too. Training once a year, or only when onboarding new employees, just isn’t enough anymore.
When cybersecurity and healthcare cross paths in the future, and we know they will, let’s hope we all benefit…and that we are all prepared.