How prepared is the healthcare industry to ward off cyber breaches?

With the high cost of medical equipment and practitioners slow to embrace digital technologies, is the sector a ticking time bomb for an attack that will have ramifications beyond data loss and be fatal to critical-life services?

data management, database management, digital infrastructure, risk management, security, here


With the recent uptake in data breaches and the healthcare industry vulnerable to a myriad of cyber breaches, concerns of the resilience of cyber security infrastructures within healthcare organisations are not unfounded.

iTNews Asia finds out from Gyanesh Ojha, Information Security – Principal Associate, Thoughtworks SEA about the state and preparedness of existing cybersecurity infrastructures, the challenges faced in making them resilient, and how the security landscape will change with the emergence of 5G.

iTNews Asia: How has the cybersecurity landscape changed within the healthcare industry compared to pre-pandemic and now?

The pandemic has forced the healthcare industry to rapidly shift onto the online space. The most salient change I have observed would be the way in which medical data is being stored and accessed across different parties and locations.

Historically, medical records were kept in cabinets and shared in a more restricted manner through a paper trail, given the lack of connectivity between various healthcare facilities or departments. Today, the majority of patients’ data is now stored in the cloud – granting medical professionals, hospitals, and private health companies the ability to access medical records remotely and in real-time.

Yet, just as rapid as these infrastructural changes were adopted, the cybersecurity landscape has also quickly responded to these shifts and we now see security threats that are rapidly growing in sophistication than ever before. Cybercriminals are now more active, looking for weaknesses in these new systems to access private and confidential medical information.

The sudden changes in infrastructure, databases, and applications across the healthcare industry often ignores key security requirements, with developers prioritising their accessibility as opposed to their ability to offer privacy, confidentiality, and integrity. Cybercriminals are well-aware of this practice and remain well-equipped to take advantage of such vulnerabilities.

iTNews Asia: Healthcare possesses a wealth of data and information that cyber attackers would be eager to retrieve – making it a high stakes sector given its importance. Are the operating systems in the healthcare industry able to ensure the resilience of their cyber security infrastructures?

The healthcare industry’s focus, after all, remains centred on the health and safety of patients. As such, healthcare providers often channel the majority of their budgets into medical equipment, which requires steep upfront investment.

Unfortunately, this also means that little has been done to ensure that healthcare systems can remain resilient in fending off cybersecurity attacks. Instead, most healthcare providers continue to rely on outdated and legacy operating systems, unpatched applications and unprotected infrastructures that are easily accessed by malicious threat actors.

Another factor for continuing with legacy infrastructure and systems, would be that many healthcare practitioners have already grown accustomed and too comfortable with the systems and processes in place, so much so that they are reluctant to implement these new updates, even if it means increasing workplace efficiency as well as strengthening cybersecurity measures.

This lack of focus on cybersecurity is not surprising but this ultimately negatively impacts patients, particularly when sensitive data is being compromised, and threatens the reputation of healthcare providers.

iTNews Asia: The healthcare industry is also a critical sector where connectivity needs to be seamless and always connected. What are some of the challenges faced when upgrading their cybersecurity infrastructures, and how were they overcome?

The main challenge faced is the steep cost of medical equipment. In the absence of sufficient budget and resources, equipment is either typically not upgraded or older, less secure, and unpatched systems are purchased. This could lead to security flaws and the loss of important data with healthcare organisations left vulnerable to attacks.

When upgrading cybersecurity infrastructure, healthcare providers may engage several disparate security solutions from various vendors, creating data silos that hinder cross-functional information sharing – preventing them from accessing crucial information. It also poses a challenge for security teams who may not have full visibility across networks, devices and assets to monitor, anticipate and mitigate potential threats.

data management, database management, digital infrastructure, risk management, security, here

The sudden changes in infrastructure, databases, and applications across the healthcare industry often ignores key security requirements, with developers prioritising their accessibility as opposed to their ability to offer privacy, confidentiality, and integrity. Cybercriminals are well-aware of this practice and remain well-equipped to take advantage of such vulnerabilities.

– Gyanesh Ojha, Information Security – Principal Associate, Thoughtworks SEA

Upgrading systems to an online space or relocating information from one cloud to another will also pose a challenge. However, if the upgrade is well-planned – which involves assessing and identifying the relevant risks – said challenges can be easily overcome.

While moving to the cloud, the selected infrastructure should ensure confidentiality, integrity, availability and privacy, whilst allowing authorised access from healthcare providers. Additionally, patients’ data should be encrypted with appropriate technical solutions, while the devices used to access patients’ records have the appropriate controls in place like strong password, encryption, patching, and logging.

As much as possible, third parties should not be given access to the patient’s data – instead masked data can be shared. If it is mandatory to give access rights to them, patients will have to provide their consent.

Healthcare providers should assess the third party’s security practices before engaging with them and ensure that they follow all the applicable regulatory and compliance requirements. At the end of the engagement, the healthcare provider should collect all the data back from the third party and ensure that all data within their possession is securely deleted.

Data retention policies should be clearly defined by healthcare providers. This will help ensure that regulatory requirements are followed. Data should be retained only as per the regulatory requirements. Once the data retention requirements and timelines are over, this information should be securely deleted.

iTNews Asia: How often do healthcare staff undergo training to improve their IT and cybersecurity proficiency?

As healthcare becomes more digitised and with the rising adoption of more sophisticated patient care solutions, training healthcare staff to be proficient in technology has become a priority. While there is no blueprint for developing the technological expertise of healthcare staff, organisations should try to take a more holistic approach to their security awareness programs.

Ideally, said programs should be designed to focus on changing staff’s perception towards security by thoroughly explaining the security risks as well as its subsequent impact on patients, the organisation and healthcare providers, substantiated with strong case studies. The program should also focus on the current practices that healthcare professionals follow during day-to-day operations, along with the necessary changes they need to make in each of those daily activities to improve security.

At the end of the day, all staff should be able to meet a certain level of IT and cybersecurity proficiency that will ensure all patient data, applications and software used are kept secure. IT and cybersecurity training should not be viewed as a one-off lesson, but rather, a continuous learning journey for healthcare professionals.

iTNews Asia: How do you see the security landscape in the healthcare industry changing over the next 3 years, with 5G emerging?

With 5G networks across Asia Pacific expected to increase in adoption over the coming years, a new world of possibilities will be seen in the healthcare landscape and will spur innovations with the potential to reduce risk and promote positive impact for patients.

This can include advancements in medical telemetry and remote telesurgery, robot-powered clean-ups of healthcare facilities, and instantaneous sharing of patient data. Yet while the potential of these advancement can be limitless, the technology must be balanced with privacy, security, and other considerations.

Healthcare systems that leverage the speed of 5G connectivity and the robustness to interconnect multiple devices and touchpoints in the ecosystem will blur the lines between the physical and digital world. Consequently, the attack surface for potential security breaches will also be expanded.

What can be worrying, is that these new applications of 5G and connected devices can extend the reach of a compromised network into the patients’ personal lives. For example, via connected cameras and microphones in homes. Such issues also give rise to significant implications for personal privacy

Regardless of tech advancements, baseline security requirements should be followed. Technology enhancement has a lot of positives but if not implemented appropriately, it will open channels for cybercriminals. As such, healthcare providers must ensure that they have the required controls and countermeasures to negate possible attacks.

Greater connectivity will allow people to access and share a lot of data easily. It is thus important to look out for all possible loopholes to reduce the attack surface. Controls like end-to-end encryption, proper access control, logging, monitoring, and auditing should be implemented.

Additionally, patients’ data would require greater levels of protection. With the emergence of robot assistants and connected homes, the private data of patients will become accessible across multiple levels, and can also be more vulnerable should confidentiality, integrity and privacy aspects continue to be de-prioritised.

Healthcare devices connected to home networks or to healthcare providers’ networks need to have robust controls at perimeter, end-point level, database, and application levels. While developing such applications, the development team should consider all possible attack vectors and test these systems thoroughly.

Digital Healthcare 2021 is happening on 6 – 7 October 2021. More information can be found here.

Internet Explorer Channel Network
News Related


Belles Beach House Blends Breezy Hawaiian Resort With Izakaya-Style Fare

© Wonho Frank Lee/Eater LA Belle’s Beach House, Venice. Given the sort of laid back mentality and restrained wealth in Venice, it’s a bit of a surprise that no one ... Read more »

Gwyneth Paltrow's skin secret at 49: This number one best-selling 'facial in a jar' will give you an instant glow - and you can buy it in Australia

Gwyneth Paltrow's favourite instant glow exfoliator is available at Mecca stores  The actress and Goop founder uses the $60 and describes it as a 'facial in a jar' 'The results are instantaneous,' she said. 'It polishes away roughness'Gwyneth also drinks three litres of water a day and has epsom salt baths  Read more »

NSW gym-goers will no longer need to wear face masks when working out

© Provided by Daily Mail MailOnline logo Gym-goers will no longer have to wear face masks while they work out at indoor venues across New South Wales.  Health minister Brad ... Read more »

Call for research into jellyfish sting treatments, as experts admit 'real gap' in knowledge

© Provided by ABC NEWS A potentially deadly box jellyfish found in deep water off Western Australia’s Kimberley coast. (Supplied: CSIRO) A large variety of jellyfish lurks in Australian oceans, including ... Read more »

West Ham vs Tottenham: Prediction, kick off time, TV, live stream, team news, h2h results

© ES Composite PLWestHamTottenham2122.jpg Tottenham make the short journey across London on Sunday for a key game in the Premier League’s race for European football. A pair of wins have ... Read more »

Phoebe Burgess goes on the offensive: Former WAG accuses the press and NRL PR machine of running a 'smear campaign' against her after she accused the league of covering up players' bad behaviour

Former rugby league WAG Phoebe Burgess has come out swinging against the Australian press and the NRL’s ‘PR machine’ after her ex-husband Sam Burgess was cleared of domestic violence and drug ... Read more »

Ed Sheeran is latest celebrity to star on CBeebies Bedtime Story

© CBeebies Ed Sheeran CBeebies Bedtime Stories .jpg Ed Sheeran is set to become the latest star to perform a CBeebies Bedtime Story. Sheeran, 30, who last year welcomed his ... Read more »

Pokémon TCG Fusion Strike pre-release promo cards revealed

© Provided by Dot Esports Pokémon TCG’s November set Fusion Strike is almost here. Although little has been revealed on its card list, we now know which cards will be ... Read more »

Class action looming against Canberra developer 3 Property Group after rescinding contracts for off-the-plan properties

© Provided by ABC Business The 3 Property Group have used a sunset clause to rescind their contracts. (ABC News: Elizabeth Byrne) Some Canberra off the plan buyers who’ve lost ... Read more »

Qantas brings forward some international routes for NSW reopening

Qantas will bring forward the restart of flights between Sydney and destinations including Singapore, Bangkok and Johannesburg as NSW prepares to become the first state to reopen for international travel ... Read more »

Trying to make sense of Donald Trump's SPAC? We break it down for you.

© James Devaney/GC Images James Devaney/GC Images Former president Donald Trump is taking his social media company public via SPAC merger. Shares of the SPAC, Digital World Acquisition Company, more ... Read more »

NT government department approved McArthur River Mine changes while in election caretaker mode

© Provided by ABC NEWS The McArthur River Mine lies south-east of Darwin, near the Gulf of Carpentaria. (ABC News: Michael Franchi) A Northern Territory government department quietly approved a change to ... Read more »

Weekly News Roundup 10/21

© Jim Dedmon-USA TODAY Sports Hello Hoosier fans and welcome to our weekly news roundup, where we’ll feature the biggest headlines and opinion pieces pertaining to Indiana football, men’s and ... Read more »

Major mask rule is SCRAPPED in NSW after minister made series of changes due to wave of complaints

Gym-goers no longer required to wear face masks when working out in NSWRule change applies to fitness fanatics participating in gym and dance classes Health minister Brad Hazzard made changes following complaints on Thursday  Read more »

You'll Be Shocked To See Will Poulter's Glow Up As He Prepares for Marvel Role

Will Poulter is getting the Marvel glow up. Twitter users are marvel-ing at the 28-year-old actor’s buff appearance following the news that he is joining the Marvel Cinematic Universe. As ... Read more »

Costa-Vettori Set For 195-Pound Catchweight Fight (UPDATED)

UFC officials confirm, Saturday’s main event between Paulo Costa and Marvin Vettori has been changed to a 195-pound catchweight and Costa will forfeit 20 percent of his purse to Vettori. ... Read more »

Video shows cops tasing severely autistic man who can't speak

© Eustis Police Department/WESH Eustis Police Department released body camera footage of Louis Grahai being tased – Eustis Police Department/WESH A man who cannot speak and has autism was tased ... Read more »

The REAL reason the new season of The Bachelorette was doomed from the start - as Brooke Blurton's season premiere records the worst ratings in the franchise's history

The Bachelorette may have another Channel 10 show to blame for its abysmal TV ratings on Wednesday night. The premiere of Brooke Blurton’s season of the dating series only recorded ... Read more »

Parents sue Dallas Aquarium for a $1MILLION after their 18-month-old boy was 'brutally attacked' by an OTTER that jumped onto top of enclosure and gouged his arm

Stacey and Ryan Williams are suing the Dallas World Aquarium for a MILLION dollars after a giant seat otter gouged their toddler's arm with its clawsOtter victim Nathan Williams, a year-and-a-half old, needed more than a dozen stitches to close the three lesions, according to the lawsuit filed on Monday His father was holding the child next to the animals' enclosure on May 2 when one of the animals leapt up onto a plexiglass barrier and scratched the boy'Ms. Williams' next memory is of Mr. Williams handing her a bloody, screaming Nathan,' reads the lawsuitAfter he was sent home he came down with a fever and was diagnosed with a Pasteurella infection from a bacteria found in ottersThe family's lawsuit drew upon social media posts from 2007 and 2013 that showed the otters jumping up onto the plexiglass barrierThere were no barriers or signs indicating that the otters could be aggressive, the family said, and nothing to that effect was posted on the DWA's website'The aquarium knew that these animals, with these crazy claws, with aggressive tendencies, could get up and reach visitors … and they did nothing about it'WARNING GRAPHIC CONTENT  Read more »

As many as 180,000 healthcare workers may have died of Covid-19, WHO says

© REUTERS FILE PHOTO: World Health Organization Director-General Tedros Adhanom Ghebreyesus attends a news conference in Geneva Between 80,000 and 180,000 healthcare workers globally may have been killed by Covid-19, ... Read more »

Sydney news: Eighth person charged over fatal bashing of 16yo Jason Galleghan in Doonside

Here’s what you need to know this morning. Overseas flights update Prime Minister Scott Morrison and NSW Premier Dominic Perrottet are due to give an update this morning on when ... Read more »

California moves to ban oil wells near neighbourhoods

© AFP via Getty Images A pumpjack stands out among homes in residential Signal Hill, south of Los Angeles, California, on September 25, 2019 where oil has been pumped since ... Read more »

Leaked documents show Australia lobbied to change key IPCC climate change report, Greenpeace says

© Provided by ABC Business Leaked documents show the Australian government’s criticism of a draft report by the IPCC. (ABC News: John Gunn) Australia sought to change a major international ... Read more »

More storms on the way for Queensland's east coast after hail storms yesterday, BOM warns

© Provided by ABC NEWS Storm clouds over Southport on the Gold Coast yesterday. (Supplied: JazNJoe) Queensland’s entire east coast south of Townsville could get showers and severe thunderstorms this ... Read more »

International travel offers jab incentive

International travel restarting in Australia’s two most populous states has been dangled as an incentive for vaccination laggards to pick up the pace. © Dave Hunt/AAP PHOTOS Victoria is expected ... Read more »

Kimberly Williams-Paisley, Ashley Williams 'Had the Best Time' Filming Hallmark Christmas Movies

© Provided by People Larsen&Talbert Real-life sisters Kimberly Williams-Paisley and Ashley Williams have wanted to work together onscreen for, well, almost a lifetime. “We’ve been wanting to work together since ... Read more »

Steph Curry & Ayesha Curry's 3 Kids Look Like Their Parents' Mini-Mes in This New Family Photo

© Sthanlee B. Mirador, Sipa via AP Images. Ayesha Curry is taking a page from Oprah Winfrey and Rachael Ray’s magazines, by featuring her image and the rest of her ... Read more »

US attorney general faces bizarre art quiz as Republicans question him about Hunter Biden

© Getty Images Attorney General Merrick Garland testifies during a House Judiciary Committee oversight hearing – Getty Images A Republican member of the House Judiciary Committee used his time during ... Read more »

Texas school district bans boys from having long hair

© KPRC Student Daniel Hoosier walks away after opposing the long hair ban in front of the Magnolia Independent School District board – KPRC Seven students are suing the Magnolia ... Read more »

Qld on alert as man fights COVID-19

Queensland authorities are trying to track the movements of a Gold Coast COVID-19 positive man who was infectious in the community for more than 10 days. © Albert Perez/AAP PHOTOS ... Read more »

Nuno's decision to rest Tottenham stars may prove right - but reserves' weak Vitesse loss threatens progress

© Getty Images tottenham vitesse 211021 A 1-0 defeat to Vitesse Arnhem will quickly be forgotten if Tottenham beat West Ham on Sunday but it was nonetheless a difficult night ... Read more »

Dinosaur footprints found in Ipswich coal mine were not made by the biggest Triassic predator, but a herbivore

© Provided by ABC NEWS The first dinosaurs appeared in the Triassic period, back when all the continents were clustered as one massive landmass. (Supplied: Anthony Romilio) What was thought ... Read more »

Tasmania to unveil plan fully reopen to tourists TODAY

© Provided by Daily Mail MailOnline logo Tasmania’s premier is expected to outline his plan for reopening the island’s borders with the mainland on Friday. Peter Gutwein, who wants the ... Read more »

Cleo Smith's devastated parents keep gut wrenching vigil at the campsite where the four-year-old was likely snatched six days ago - after expert warned her abductor would be virtually unnoticeable

Cleo's parents remain at north-west WA blowhole, which is closed to the publicOnly her mother and step-father remain at the site other than search workers  Dr Tim Watson-Munro has analysed the minds of the worst criminals for decadesHe says the monster who likely abducted Cleo Smith would appear 'very normal'  Read more »

R Kelly was placed on suicide watch after sex crimes conviction

R Kelly was placed on suicide watch after being found guilty of nine different sex crimes last month. According to the singer’s attorney, Steve Greenburg, Kelly was placed on suicide ... Read more »

‘No vaccine required': Spokane sheriff sparks outcry by offering jobs to cops who refuse to get jab

© Twitter Spokane Sheriff’s Department has launched a recruitment drive and highlighted officers do not require a vaccine – Twitter A sheriff in rural Washington has triggered outcry by offering ... Read more »

Kelly Smith reveals she had no support during injury-ravaged spell in US

© Getty Images Kelly Smith scores for England at the 2007 World Cup – Getty Images Former England international Kelly Smith has revealed she was drinking every day and had ... Read more »

Ghislaine Maxwell trial: Up to 600 potential jurors could be called

© c/o Sky Documentaries ghislainemaxwelljeffreyepstein2806a.jpg Up to 600 prospective jurors could be contacted before British socialite Ghislaine Maxwell goes on trial for sex-trafficking charges. Maxwell, 59, has been charged with ... Read more »

Your home can harm your health — and you're more likely to be at risk if you rent

© Provided by ABC Health Cold, damp and mould can all exacerbate health issues, according to doctor Kim Loo. (Pexels: Andrea Piacquadio) We all know about health risks such as smoking, drinking ... Read more »

Sydney news: PM and Premier to announce take-off plans for international flights

Here’s what you need to know this morning. Overseas flights update Prime Minister Scott Morrison and NSW Premier Dominic Perrottet are due to give an update this morning on when ... Read more »
On you will find lots of free English exam practice materials to help you improve your English skills: grammar, listening, reading, writing, ielts, toeic