Kaspersky exec discusses healthcare security

Examining the role of IT security within the global healthcare market

Tags: Cyber crimeHealthcareKaspersky LabUnited Arab Emirates
  • E-Mail
Kaspersky exec discusses healthcare security Maxim Frolov, managing director of the Middle East, Turkey and Africa, Kaspersky Lab.
By  Maxim Frolov Published  December 30, 2017

In recent years, the healthcare sector has faced increasingly intense and complex cybersecurity threats. Organisations are spending more money than ever on security, but hackers are persistent and will keep trying to finding ways to continue stealing sensitive data, including personal medical records.

Healthcare companies suffer from cyberattacks no less than other targets do. The big difference is that in the case of public health companies, what’s at stake is not only business, but also human health.

Technavio’s analysts forecast the healthcare IT market in UAE to grow at 11.12% until 2019 and this number will keep on increasing because the world has just started to witness the important role that IT is playing in this sector. Technologies nowadays range from pacemaker with wireless capabilities to 3D printing of fragile organs and as hospital technology evolves, so will the threats. Still, malware epidemics are not the only threat. According to data published by the Identity Theft Resource Center, a noncommercial organisation, almost 25% that resulted in personal data theft in the first half of 2017 took place in organisations associated with medicine or healthcare. And of course, this is a field in which personal data often contain highly classified or confidential information.

Hacker targets

Healthcare IT systems have only recently become attractive targets for cybercriminals. That is because healthcare organisations are increasingly holding more and more lucrative patient data — personal and financial information that cybercriminals can use to commit identity fraud.

Furthermore, with more healthcare services being provided online and the use of mobile devices increasing, hackers are exploiting new vulnerabilities and using ransomware to take systems down. With the lives of patients at stake, many organisations decide the best option is to pay the ransom to retrieve data and get their services restored.

Unfortunately, it’s difficult to see a future beyond an escalated game of cat and mouse playing out between healthcare security and hackers. The recent spate of attacks on hospitals around the world has certainly raised awareness of potential threats, but one might also argue that the ease in which some groups have attacked healthcare systems has also highlighted the rewards for hackers.

Updating IT systems

There’s plenty of evidence that cybercriminals are targeting less-modern systems, and over the next five to 10 years we expect healthcare providers will invest in updated technology for greater security.

The challenge for IT managers in this sector has always been managing an infrastructure built over diverse and overlapping technology waves, often with gaps between the layers that enable hacker access.

The systems are cumbersome and difficult to manage. In many cases, the manufacturers of system components no longer provide support for the products. Legacy systems, especially those more than a decade old, are extremely vulnerable and often integrated too deeply into an organisation’s infrastructure to be replaced. But as security threats intensify over the coming years, replacing these systems with modern IT will become a priority for healthcare providers.

The Internet of Hackable Things

As more critical medical equipment and devices move online, the stakes for security are high — malicious actors hijacking and controlling them could have deadly consequences. As more and more of the medical devices people depend on to stay alive are being networked, Internet of Things (IoT) security is fast becoming a higher priority. If not tackled effectively, security concerns could hamper the development of mobile and wearable devices, which have exploded on the healthcare scene in recent years. Unfortunately, many of the problems with medical devices can’t be fixed with a simple software patch — instead, the systems must be re-architected, and that takes time. It could be years before hospitals and patients see more secure devices.

Protecting Data

Big data and data analytics open doors to precision medicine, population health, and value-based care. But often they are let down by poor management procedures for data protection. Hospitals need to improve working practices; a large proportion of data breaches come down to human error. Most hospital systems have many shared workstations and shared passwords, something not regularly seen in other industries.

Hospitals also have to deal with the challenge of a proliferation of data from a wide range of sources — from mobile devices to data generated from health monitoring sensors. As a result, hospitals are under pressure to maintain numerous isolated IT assets and the data that resides on them.

Until data security is addressed, health IT professionals will continue to face major barriers to the widespread adoption of new technologies. Therefore, we expect healthcare providers to take steps over the next few years to improve security by putting reliable access management procedures and systems in place. As well as keeping operating systems, browsers, and applications up to date, this will include enabling strong access security controls.

By combatting security threats head on through systems that are built from the ground up with the management and protection of data in mind, we can realise a future in which healthcare technology transforms our lives for the better.

Kaspersky Lab pays particular attention to healthcare security. We have been collaborating with large medical companies for years already. We know what to protect and, more important, how exactly to protect it.

Maxim Frolov, managing director of the Middle East, Turkey and Africa, Kaspersky Lab

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code