Why the healthcare industry should strengthen its cybersecurity  

18th May 2022

By Doros Hadjizenonos, Regional Director Southern Africa, Fortinet

The Covid-19 pandemic fast-tracked digital transformation in South African healthcare systems, but this overnight evolution may have left infrastructures and patients more vulnerable to cyber criminals. Social distancing and the resulting rush to offer digital healthcare solutions may mean that some organisations are inadequately secured against cyber attacks.

Healthcare systems have become a very attractive target for cyber criminals, and attacks have become a regular occurrence globally. In 2020, organisations faced a dramatic spike in ransomware attacks. The attacks were successful because they disrupted operations at a time when health systems were extremely challenged. Some organisations were forced to pay tens of millions of dollars in ransomware settlements to avoid the risk of losing patient treatments, vaccinations and test results. Unfortunately, it didn't stop there: attackers have since moved on to focus on payroll, staffing and scheduling, revenues, billing and electronic medical records via cloud application providers.

When cyber criminals threaten healthcare systems, it leads to financial losses and puts patient safety at risk, as attackers often leak information online. The US Department of Health and Human Services’ Office for Civil Rights’ breach portal shows 686 healthcare data breaches of 500 or more records in 2021, with millions of records breached.

“The integration of Internet of Medical Things (IoMT) also contributes to the ever-growing attack surface. We can imagine that cyber criminals could shut down critical HVAC, water, oxygen or monitoring systems, or delay or derail life-saving procedures,” Hadjizenonos continues. The potential for harm to patients through connected medical devices has prompted authorities such as the US Food and Drug Administration to monitor the risks and issue alerts about leaving devices unpatched, or allowing unauthorised users to access, control or issue commands to these devices.

Adopting a mesh-type architecture approach to security and zero trust solutions is crucial for safeguarding healthcare systems and patients. Security must be built into business practice from the ground up and must be a prime consideration when a business wants to adopt new technologies or clinical workflows. Healthcare enterprises also need to assimilate all branch locations and distributed workers into an integrated cybersecurity architecture.