The pandemic sped up healthcare digital transformation (DX) by leaps and bounds, but it also led to massive gaps in cybersecurity.
No individual, business or industry has been left untouched by the pandemic. However, few are as deeply affected as those in healthcare.
Yet, the ability of the healthcare industry to transform itself so quickly during the pandemic is largely due to rapid digitalization trends in recent years. Across the region, we are also seeing more partnerships between healthcare players, governments and tech companies.
It is clear the digital door to healthcare has been pushed wide open, and patients and staff have stepped right in. Patients now expect the ability to access medical services regardless of location, while staff and business partners want to be able to do their jobs anytime and anywhere.
Balancing digital access and risk
While there is growing pressure to make quick-fix digital changes permanent, this also exposes the industry to more risk, as evidenced by numerous data breaches across the Asia Pacific region (APAC).
Just last month there were high-profile cases involving government hospitals in Thailand, while the Office of the Australian Information Commissioner noted that the Australian healthcare sector suffered the highest number of data breaches between Q1 and Q2 this year.
One reason is that the move towards telemedicine means that third parties outside of healthcare organizations can now access electronic health records to facilitate provision of services. This can potentially lead to sensitive patient data being compromised if server access is not properly secured.
This puts healthcare entities in a difficult situation. They must make their recent modernization strides for operational continuity and modern healthcare digitization permanent, while at the same time they must enhance cybersecurity measures to protect soft and valuable targets (electronic health records, intellectual property, and member info).
Navigating unexpected turbulence
To stay ahead of an ever-evolving threat landscape and malicious actors that are quick to pivot their attacks, healthcare entities must rethink their approach to infrastructure and security.
To improve their defenses, they will need to tackle challenges on a number of fronts:
- Moving away from legacy IT infrastructure
Legacy IT systems are widely used by medical devices within the healthcare industry, but are typically not supported by security patches and updates. This could potentially expose healthcare organizations across the ecosystem to a multitude of security vulnerabilities.
To tackle the issue, healthcare organizations should look towards shifting their infrastructure to the Edge. By doing so, providers can unburden internal systems, increase protection from unsecured medical devices (think: BYOD), and provide that extra layer of security from other external partners (such as billing partners, HVAC systems, external consultants and vendors).
- Minimizing potential of backdoor access from an increasing number of MedTech devices
Increased digitalization has opened up a growing number of access points to the network, be it through telemedicine providers, MedTech devices, or staff working remotely.
According to one survey by Bain & Company, 50% of patients polled were expecting to use digital health tools in the next five years, alongside a huge shift towards the adoption of MedTech devices. Of concern is the personal patient data these external vendors and devices will collect, which will make them attractive targets for cybercriminals.
To ensure that only the right people have access to the network, to protect patient information, and to prevent disruptions from cyberattacks that can impact continuity of care, it is paramount that healthcare organizations shift towards a Zero Trust approach. This will limit an attacker's ability to gain access to valuable data, and strengthen the organization's defenses against new and evolving ransomware, malware, and phishing threats at critical points in the attack chain.
- Fixing poor cybersecurity awareness and hygiene
It is likely that cybersecurity awareness has not kept pace with the rate at which the healthcare sector has gone digital. To lower the possibility of data breaches due to negligence, healthcare organizations should look to educate patients and staff on the cyber risks that come with more convenient access to healthcare services.
Charting a secure path forward
Just as planes typically have a variety of flight instruments that help pilots fly them smoothly, healthcare providers should incorporate automated guidance and navigation instruments for cybersecurity.
Tools such as Zero Trust and edge computing need to be within their operational flight kit to ensure a smooth, safe and uneventful travel experience.