Cybersecurity has become one of the most relevant issues in recent times. The emergence of COVID-19 accelerated the adoption of telemedicine and digital health services, bringing security breaches in the healthcare sector to light and driving a very worrying increase in attacks on healthcare services and organizations.
This statement is confirmed by data published in annual reports from the National Security Department, the Spanish Data Protection Agency, the National Cyber Security Institute (Incibe) and the National Cryptologic Center through its Incident Response Center (CCN-CERT).
A cyberattack could mean the rescheduling of appointments and surgeries, the diversion of emergency vehicles, or the closure of care units or even entire organizations. Responding to these risks requires much more than a security program to prevent attacks on critical devices or systems.
Healthcare data sits at the top of the pyramid in terms of sensitivity and the level of protection it requires, so building trust and confidence from patient to patient is paramount.
Some of the most relevant factors and challenges are listed below:
Vulnerability of connected systems and devices
The exponential growth of IoT devices connected to the network, combined with the heterogeneity of networks and dependence on obsolete systems, greatly increases the vulnerability of systems.
Staff training and best practices
In many cases, attacks stem from bad practices carried out by individuals within an organization. Adequate staff training provides effective preventive protection against multiple attacks.
Preserving the aspects of information security
- Confidentiality: information must be accessible only to those who need it.
- Integrity: the information must remain unalterable.
- Availability: the information must be available in the system when it is required to provide the appropriate service.
- Authenticity: the veracity of the origin and destination of the information, and the traceability of the data, must be ensured.
- Privacy: it is essential to comply with the latest security protocols.
Responsibility for information security
Each organization must identify or appoint a person responsible for information security, the CISO (Chief Information Security Officer), who will be responsible for the planning, development, control and management of policies, procedures and actions in order to improve information security. If it is not possible to have this role on staff, the responsibility should be entrusted to specialized companies and professionals.
All of this context underlines how important it is for healthcare organizations to invest in cybersecurity. A potential attack affecting the continuity of healthcare can have disastrous consequences, the first and most important of which can affect the safety of patients and professionals, followed by significant economic losses or reputational damage, among others.