We are part of theICEway along with eTestware and ICE. Together, we deliver a complete digital solution for clients in sectors including healthcare. Our group of IT brands are all either celebrating or approaching significant milestones. CRIBB turned 5 in November 2021 whilst eTestware will be 8 in February 2022. ICE, the core of our ecosystem, also has a birthday in the new year and will turn 15 in May. As a result of these key dates, we’re all feeling a sense of nostalgia. Today then we decided to look back at cyber security in healthcare to see what has changed in the past 15 years.
Healthcare: A huge target for cyber-criminals
Before we look back it is crucial to emphasize how susceptible the healthcare sector is to online attacks. There is a high demand for patient information and with outdated systems in use, many criminals position it as their biggest target. Here are more reasons why healthcare is a focal point:
- Patient information is worth a lot of money to attackers
- Medical devices represent an easy entry point
- There is a lack of education in online risks for healthcare staff
- The number of devices used in hospitals provides attackers with more opportunities
Cyber security has evolved in recent years as technology has grown. It is now given far greater importance by organisations both large and small and across various industries. The GDPR proved successful in 2018 at highlighting security risks. Associated data breach fines increased awareness. Those in health and medicine were encouraged to do more by the 2016 National Data Guardian review. That meant they must implement the Cyber Essentials scheme as a minimum measure. The DSP Toolkit then replaced the Information Governance (IG) Toolkit in April 2018 as the standard for cyber and data security for healthcare organisations. But what was it like 15 years ago, when Ian Richardson and Conor Byrne were laying the core foundations for theICEway?
Healthcare cyber security, 2007
In 2007 the Estonian government created a robust new cyber security strategy. This followed an unprecedented cyber-attack which caused mass disruption, including to hospitals. Fast-forward 15 years and Tallinn is the HQ of NATO’s cyber defence centre of excellence (as well as being the HQ of eTestware!). This is just one event of course but certainly demonstrates what can be achieved with the right attitude and the right response. Also in 2007, the former US vice-president Dick Cheney had his heart implant modified for fear of terrorist attack. It emerged that his doctor disabled the heart defibrillator’s wireless function to prevent would-be assassins from interfering with it.
Certainly an extreme example of cyber security in healthcare, this nevertheless shows how important it is for those within the sector to be ‘cyber aware’. Especially considering it is an industry which revolves around highly-sensitive data; healthcare is the top target for those deploying ransomware attacks.
Security tips to consider
- Create a security culture
- Implement regular cyber security training
- Use firewalls
- Install anti-virus software
- Implement secure access controls over sensitive data
- Limit network access
There are many actions you can take to become more cyber resilient. CRIBB Cyber Security has helped public and private healthcare organisations for many years. We can help you too…