The Wall Street Journal reported recently that more than 2,100 patient deaths per year are linked to data breaches at hospitals.1 The findings highlight the need for healthcare organizations to redouble their efforts in cybersecurity and improve their post-breach remediation. They also illustrate how data breaches can compromise the performance of organizations, even if lives aren’t involved.
I spoke recently with Leon Lerman, co-founder and CEO of Cynerio, a leading innovator in the healthcare cybersecurity space, about the research. Leon is an expert focused on protecting connected healthcare systems from cyber threats.
Why is cybersecurity an increasingly important concern for hospitals and clinics?
Hackers are very motivated to attack hospitals and clinics because medical records and their protected healthcare information are extremely valuable on the black market. It can be worth up to 10 times more than credit cards because it can be used for identity theft and fraud. Also, with the increased adoption of connected medical devices, which are not built with security in mind, there is now an increased risk to patient safety as even a relatively basic "everyday" attack can cause service disruption and prevent the hospital from providing patient care.
What is the biggest risk facing hospitals in the day-to-day operation of serving patients?
The biggest risk in terms of operation and day-to-day service of patients is the fact that hospitals are becoming more and more reliant on "smart" devices and equipment to provide patient care. While that allows more advanced and efficient patient care delivery, it also introduces a significant security risk, as these devices are now connected to the hospital's network and some are even connected directly to the internet. With all this connectivity, most of these devices are not built with security in mind — many of them running obsolete operating systems and are very often invisible and out of scope for IT security teams and solutions. These devices are susceptible to everyday attacks which can make them crash and disrupt day-to-day operation of serving patients.
Can you give us an example of a recent breach in cybersecurity and how it impacted hospital operations?
A good example would be the WannaCryattack, which affected more than 60 hospitals in the UK and numerous hospitals in the U.S. This attack affected not just administrative PCs but also radiology devices, blood gas analyzers and operation room equipment which caused the cancellation of thousands of scheduled surgeries, including critical heart operations.
The effects of a cyberattack can last long after the initial breach. Why is it so difficult to get devices back up and running?
It's difficult for hospitals to get devices back up and running as most of these devices are a "black box" for the hospital's staff. In case of an attack they very often don't have the knowledge nor the capabilities to get the devices operating again, and so they require the support of the device manufacturer to restore operation, which takes time.
Since many of the connected medical devices in place were not built with security in mind, and typically run with outdated and unpatched operating systems, what are the first steps you recommend?
As a first step, hospitals need to have visibility into their medical device ecosystem. That includes having an up-to-date inventory of all the devices on the network, with proper classification of their role, combined with full visibility and understanding of what devices are actually doing on the network - who are they communicating with, which medical workflows are they taking part in and what's the associated risk to these behaviors. This allows hospitals to understand their current security situation and enables them to take preventative proactive actions to improve their security posture - like limiting unnecessary device communications.
To find out more about Cynerio visit cynerio.co.