Health systems struggle to keep up with hackers


By Dylan Bushell-Embling
Tuesday, 12 May, 2020



Health systems struggle to keep up with hackers

Training programs and tighter regulations could pose the answer to Australian and other health systems struggling to keep ahead of cyber attackers, according to research from UNSW.

The research found that health systems internationally are finding it difficult to keep up with the growing use of cyber technology by nefarious actors.

Hospitals are still often running outdated, legacy operating systems that can be easily exploited by hackers.

The ongoing digitalisation of nearly all systems, such as radiology, pathology and patient records, is also posing a challenge because corresponding cybersecurity requirements have not been evolving as quickly.

The report found that while interconnected digital systems such as My Health Record can be life-saving tools, when inadequately secured they can also put lives at risk. Well-aimed ransomware attacks, for example, could cripple hospital functioning.

“Digital health records can also be used for precision harm against individuals,” added research co-leader Professor Raina MacIntyre of the UNSW Kirby Institute.

“It has been shown, for example, that CT scans can be hacked and altered so that evidence of cancer can be removed or added — imagine the harm that could cause if an individual were targeted in this way.”

The research also found that attacks on hospitals and public health data increase during times when health services are particularly busy and overstretched.

But there are currently no cybersecurity training programs stipulated by health management accrediting bodies in Australia, noted Dr Elena Sitnikova of UNSW Canberra Cyber.

“Those in the healthcare profession may be inadequately equipped to manage cybersecurity threats or breaches. Cybersecurity is everybody’s business — from health administrators in the reception area to surgeons in the operating theatre,” she said.

“A culture of cybersecurity maturity must be proactively developed within healthcare systems to help mitigate cyber threats.”

Another solution could involve introducing more stringent regulations, with Sitnikova using the example of the US Healthcare Insurance Portability and Accountability Act (HIPAA).

This legislation mandates encryption, reporting of breaches, education and risk assessment for the healthcare sector.

“We need to follow best practices which already exist and customise them to our own needs in Australia. Even with the HIPAA, the US still faces cyber attacks on hospitals — so we are even more vulnerable,” Sitnikova said.

“There is an expectation of the public that their medical records are safe.”

Image credit: ©stock.adobe.com/au/santiago silver

Originally published here.

Related Articles

The role of video and audio tech in health care

With the right technology, medical services like appointments and student learning can be...

Health on the other side of the COVID-19 pandemic

The healthcare framework is changing as new access points to health care open up in the digital...

The future of conversational AI and health care

Technology is helping clinicians connect to patients wherever they are, while conversational...


  • All content Copyright © 2020 Westwick-Farrow Pty Ltd