Today’s healthcare systems operate in a mostly digital world. This digital connectivity has allowed some amazing technological advances to come to light. Things like telemedicine, wearable technologies and artificial intelligence could not exist without it.
For imaging providers, it would be difficult to imagine the practice of radiology without these transformative new technologies, many of which have led to improved efficiencies, higher diagnostic quality and better-informed, life-changing medical treatments.
A Number One Priority for Health Entities in 2022
Dependence on this highly digital infrastructure comes with important considerations for healthcare organizations. In fact, cybersecurity (and the challenges of ensuring patient safety, privacy and security) has emerged as the number one technology hazard for health facilities in 2022, according to the ECRI Institute.
This #1 ranking comes with good reason.
Last year, cybersecurity breaches were at their highest ever recorded, with more than 45 million individuals impacted by attacks on healthcare organizations. These breaches often included exposure of patients’ protected health information (PHI), representing more than a 30 percent increase from reported incidents in 2020. Cyberattacks were counted separately from ransomware attacks, which themselves showed a 59% increase in reported incidence by healthcare organizations between 2020 and 2021.
The risks for health organizations are far-reaching and come at an extremely high price.
To further put this in perspective, healthcare organizations in 2021 lost nearly $21 billion in revenue caused by downtime and other operational costs related to a cyber incident.
A bit of background:
The lack of cybersecurity in medical devices took center stage when the NHS was attacked in 2017. “The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.” Because of events like this, regulatory bodies like the FDA are finally taking the problem of cybersecurity more seriously. In 2019, the U.S. Food and Drug Administration (FDA) issued a warning about two security flaws affecting dozens of implantable cardioverter defibrillators.
Why is healthcare a target for cybersecurity attacks?
- Private patient information is worth a lot of money
  - Healthcare facilities are a target because they act as storage for an immense amount of confidential patient data, which can be sold for large sums of money.
- Outdated technology means the healthcare industry is unprepared for attacks
  - Because of budget limitations and the hesitance to learn/teach new systems, many healthcare facilities have outdated technology.
- Medical devices are an easy entry point for attackers
  - Medical devices and SaMD play a critical role in modern healthcare. But for those in charge of online security and patient data protection, new devices open up more entry points for security breaches.
- Healthcare staff aren’t educated in online risks
  - Because of time, budget, and resource constraints, medical professionals are not trained to deal with online threats, and it is a difficult task for healthcare industry staff to be fluent in cybersecurity best practices.
- The number of devices used in hospitals makes it difficult to stay on top of security
  - Healthcare organizations are responsible for large amounts of patient data and, more often than not, an extensive network of medical devices all acting as potential security threats.
Tips for Keeping Imaging Systems Secure
Cyberattacks can create interruptions for healthcare entities — from simple appointment scheduling and check-in processes to online payment systems. Cyberattacks can also impact network-connected medical devices and the data networks they rely on to deliver time-sensitive care to patients.
- Recognize that this is not simply an IT issue.
  Place high importance on cybersecurity among all stakeholders in the healthcare delivery process. This includes healthcare leaders, providers, device manufacturers and frontline employees. It takes everyone’s diligence to keep integral systems and patient data safe.
- Replace outdated equipment.
  All equipment (especially equipment that relies on technology interfaces to operate) comes with an expiration date. This date may not be clearly marked and will vary depending on the extent of use, maintenance and other factors. Using equipment that was designed to meet the needs of another era is an invitation for a security issue. Legacy products that cannot be updated and secured to today’s standards must be transitioned out of use.
- Conduct an equipment audit.
  Report any concerns to your IT team or imaging partner. Raising the concern, even if there turns out not to be one, is better than letting potential vulnerabilities continue.
- Keep systems separate.
  Only those who have security clearance to access radiology network systems should have access. There should be no personal or employee email communication connected to the imaging services network. This is an open invitation to hackers or other data infiltrators.
- Update software religiously.
  Lean on your equipment service providers to make sure essential updates are kept current. If a service can be added to ensure software is updated consistently, such a service is a wise investment.
Emerging Security Requirements for Internet-Connected Devices
The American Hospital Association recently issued support for the Healthcare Cybersecurity Act (S.3904), legislation that seeks to boost training related to cybersecurity in the Healthcare and Public Health (HPH) field.
Lean on Your Trusted Vendors and Equipment Providers
Vpmimaging customers have the double assurance of a diligent local service team. Our customers benefit from a state-of-the-art portfolio of products, cybersecurity management processes, and ongoing diligence and attention to cybersecurity issues to counteract the threats of today and those yet unknown.
What does a cybersecurity analyst do?
Cybersecurity analysts protect computer networks from cyberattacks and unauthorized access. They do this by trying to anticipate and defend against cyber threats, and responding to security breaches when they do happen. In this job, you play a key role in protecting your organization's valuable data.
What qualifications do you need for cybersecurity?
In general, a cybersecurity engineer must have the following qualifications: a degree in Computer Science, IT, Systems Engineering, or a similar field, and two years of work experience in cybersecurity-related duties such as incident detection and response, and forensics.
What security threats exist in medical device technology?
From an IT perspective, connected medical devices can be subject to additional cybersecurity risks, including denial-of-service and patient data theft. Computer viruses and malware also have the potential to jeopardize a patient's treatment and privacy.
Can medical equipment be hacked?
A 2015 report showed that hackers are using medical devices as back doors to break into healthcare networks and steal medical data. Experimental hacker Jay Radcliffe demonstrated how simple it is to take control of a connected insulin pump and trigger a lethal dose to the patient.
What is the most important aspect of cybersecurity in healthcare?
Cybersecurity in healthcare involves protecting electronic information and assets from unauthorized access, use and disclosure. There are three goals of cybersecurity: protecting the confidentiality, integrity and availability of information, also known as the “CIA triad.”
How important is cybersecurity in healthcare?
Aligning cybersecurity and patient safety initiatives not only will help your organization protect patient safety and privacy, but will also ensure continuity of effective delivery of high-quality care by mitigating disruptions that can have a negative impact on clinical outcomes.