Intelligent CXO Issue 26 | Page 68

BUSINESS INSIGHTS
healthcare services, which are essential to guarantee patient care and safety.
Cyber awareness training
The major disruption and damage a cyberattack inflicts on healthcare highlights the need for healthcare staff to receive cybersecurity training so they can contribute to the protection of this vital hospital equipment. Regular training can help medical employees recognise the warning signals of a cyberattack, know when one is happening and know how to reduce any risks to patient safety.
Training should include:
1. Basic cyberhygiene tips – including using strong passwords that are changed regularly, enabling multifactor authentication and not clicking on unknown links.
2. Awareness – training employees to recognise the signs of a device that is acting differently from how it should and when it needs to be reported to IT services for review. This should also entail ensuring that medical personnel are well-versed in the risks associated with using these medical devices, such as understanding what a ransomware attack is, what its effects are, how it is initiated and how to respond to unknown emails and steer clear of phishing emails.
3. Correct processes – medical staff members should be aware of the proper procedures for safely connecting medical devices in order to avoid common mistakes like these devices connecting to a public Wi-Fi network.
4. Clean up – all online-connected medical and IT systems need to be properly maintained and managed in terms of IT hygiene. Requirements for IT hygiene should be flexible.
5. Incident response plan – in the same way that everyone has a part to play during a fire drill, there should be an action plan in place in the case of a cyberattack. Without a suitable cybersecurity incident plan and software backup solution, healthcare organisations run the danger of losing patient data, having an adverse impact on patient care and safety and having their brand name damaged. All employees should be aware of their role and place within this plan.
6. Crisis simulation training – once your incident response plan is in place, testing this through a crisis simulator is recommended. Crisis simulators are training exercises in which fake crisis scenarios, for example a ransomware attack, are presented in order to assess employees' capacity to adhere to their incident response plan religiously and respond to a crisis successfully.
Cybersecurity training should be performed regularly to ensure staff are up-to-date with the latest developments in the field. Health facilities should regularly review and identify knowledge gaps among staff in order to provide pertinent and effective training.
Since many healthcare professionals regularly interact with these devices, their actions are crucial to the prevention of cybercrime. They serve as patient safety's eyes and ears, managing and keeping a watch on crucial medical and other IoT devices needed to diagnose, monitor, manage and treat patients.
Most medical devices are employed in hospitals and clinics, but since COVID-19, the number of remotely monitored patients has risen. There’s an increasing number of traditional and wearable devices sent home with patients, allowing care teams to monitor patients remotely from their homes. This means more systems communicating back to hospitals across the Internet and a greater attack surface for cybercriminals to exploit.
Securing medical devices
With so many medical devices now connecting to the network, how can the industry secure them?
The inventory, risk analysis and risk remediation of hospital IoT (HIoT) linked devices can now be dynamically automated by cybersecurity providers using compensating security measures thanks to advances in the next generation of IoT security technologies. Artificial Intelligence (AI), Machine Learning (ML) and DigitalTwin technology are used to achieve this. With the aid of current network access control (NAC) tools, these technologies enable highly precise analysis and identification of discrete systems, passive risk assessment of frequently delicate life-sustaining equipment and can be seamlessly integrated and automated into the network.
Richard Staynings, Cyber Security Strategist, Cylera
This is an excellent illustration of how cutting-edge security tools are being used to mitigate the risks of new medical equipment. As many HIoT devices cannot be updated with security patches, medical device ‘enclaving’ or ‘network segmentation’ acts as an efficient form of remediation, lowering threats to patients and the medical network. Regulators often allow this compensatory security measure, which enables the ongoing safe use of otherwise end-of-life medical devices.
To protect against the growing threat of cyberattacks, what is required is a combination of people, processes and technology. Advances in AI-based cybersecurity tools mean healthcare organisations can now automate the entire security process through a progression of asset identification, risk analysis, profiling and improved medical device management. However, you’re only as secure as your weakest link, and medical staff members are a critical factor in keeping healthcare cyber secure and protecting what matters most – patient care.