In sub-Saharan Africa, making healthcare services more accessible can be achieved through digital services. With World Patient Safety Day on 17 September focusing on the theme of medication safety, Kaspersky notes that this must also extend to protecting patients medical data.
In sub-Saharan Africa, making healthcare services more accessible can be achieved through digital services. Telehealth solutions have been well-received by the industry and patients alike, more so during the pandemic when it became a necessity. With World Patient Safety Day on 17 September focusing on the theme of medication safety, Kaspersky notes that this must also extend to protecting patients medical data.
Given that less than 5% of GDP is allocated to healthcare spending across most countries in sub-Saharan Africa, digitally driven health services offer significant opportunities for providers to offer quality care – and across more geographically dispersed areas. However, this is only sustainable if there is a global improvement of data security for those solutions.
Since 2017, the healthcare industry has been the most targeted by cyber criminals. According to Kaspersky, the wake of the pandemic in 2020 saw cyberattacks on healthcare groups globally increase significantly. While large healthcare companies are being targeted by Advanced Persistent Threat (APT) groups and ransomware gangs, there has also been a marked increase in attacks on small- to medium-sized healthcare businesses.
“While other critical infrastructure sectors experience these types of attacks, the nature of the healthcare industry’s mission poses unique challenges. For healthcare, cyberattacks can have ramifications beyond financial and reputation loses and breach of privacy. Hospitals rely on thousands of Internet-connected systems to operate, and if these systems fail or are attacked, the ability to provide critical patient care can be compromised. Ransomware, for example, is a particularly dangerous form of malware for hospitals, as the loss of patient data can put lives at risk,” says Sergey Lozhkin, Lead Security Researcher at Kaspersky. “In hospitals, there are many networked systems, hardware and software that come from different suppliers, and different responsibilities for different groups of staff. Making this mix resistive to cyberthreats can be challenging.”
Medical data’s richness and sensitivity make it extremely valuable for threat actors to exploit. Thanks to the need to make healthcare and the related data more remotely accessible and sharable during the pandemic, new doors to cyberattacks opened to exploit such data. Furthermore, budget restrictions have resulted in healthcare providers using outdated IT resources, including cybersecurity software, leaving them open to compromise.
As an example, the limited security of medical devices makes them relatively easy entry points for cybercriminals. Added to this is how many healthcare staff are not educated in how to recognise and deal with even the most basic cyberthreats.
This is where having advanced cybersecurity solutions in healthcare become critical. If healthcare organisations want to continue to rapidly digitalise and reply more on technology to improve overall patient care at hospitals and to allow for the likes of telehealth services to be carried out effectively, they need to look at ensuring the protection of their networks, endpoints, and all devices used to access cloud storage. Such a focus will support in the protection of patient data.
Along with proper endpoint protection in place, outsourcing a Managed Detection and Response (MDR) offering from a reputable cybersecurity vendor can go a long way in supporting hospitals to achieve strong overall cybersecurity measures, and that will support in protecting patient data. MDR includes automated monitoring and response tools supported by the service provider’s security operation centre analysts. MDR experts monitor alerts from security solutions, analyse them in detail and take the necessary measures in the event of an incident or provide response recommendations. Using a MDR solution, hospitals can identify and stop attacks in their early stages before the attackers achieve their goals.
“Healthcare potentially has the costliest data breaches. With MDR in place, healthcare organisations have a proactive, round the clock security service from a trusted cybersecurity provider designed to protect patient data and mitigate against the threat of disruptions to patient care. The pandemic has also demonstrated the extent to which people are willing to share their personal data as long as the benefits of doing so are clearly communicated. Delivering a seamless healthcare experience often requires collaboration between different vendors, who therefore need to share sensitive patient data while working within the boundaries of government regulation. MDR can help defend these entry points from potential compromise,” adds Sergey Lozhkin, Lead Security Researcher at Kaspersky.
Additionally, if the volume of data currently produced by medical devices has felt like a flood, it will only accelerate due to the broader adoption of connected, artificial intelligence and related technologies. This will not only provide new opportunities for innovation, but also a new level of complexity in processing, managing, and securing this ever-more sensitive data real estate.
“The poor security of the majority of connected devices creates its own threats. Who, for example, would want to use an automated insulin delivery system if there was even the remotest possibility it could be hacked? Physical health is fundamental, particularly for medical practitioners but digital health and security is also key for the industry. Like health, it is not good enough to be reactive to potential issues that could prove dangerous. Being proactive and shielding patients from data risks will prevent reputational damage to healthcare organisations and to telehealth itself,” concludes Lozhkin.
