HBI Deals+Insights / News

Cybersecurity: Four things operators must do

Cybersecurity is important for healthcare. Data and system breaches could take away patient privacy, destroy patients’ trust in much-needed data collection, cost a bucketload of ransom money or even risk patients’ lives. So what can operators do to protect their data? Here are four things we’ve learned from talking to experts recently.

  1. Keep systems up to date

The modern operator runs many different systems and if these aren’t up to date, they can be compromised.

This sounds simple enough. It’s not. In the recent HCA data breach, where 11m patients had their data stolen, the data was held in a hub-and-spoke model where the hospital was the hub and the hacked email processing facility was the spoke. Add to this the complexity of running healthcare services, and it’s a serious problem. Lloyd Price, the CEO of healthcare cybersecurity provider Hive Health, says hospitals have so many moving parts it’s not often clear who is responsible for what. This makes something like updating a fringe application an easy thing to miss.

  2. In case of cyberattack, heal the system

This kind of healing is provided by companies such as Absolute Software. Absolute’s EMEA VP Achi Lewis explained that a key part of the model is to heal breached systems before the device is reconnected to the server.

  3. To lessen reputational risk, stay compliant and explain

Cyberattacks can cause reputational damage (although not always; members can read our story for more information). It’s important to avoid this damage if you want to be trusted to hold patients’ data and especially if you want to be trusted to do research with it.

Operators need to follow the rules and explain what they’re doing to patients. In the case of a breach, a clear action plan should help lessen reputational damage.

  4. Understand the risks your business faces

Mapping out software networks and understanding – and exercising – digital hygiene around endpoints where hackers could access systems is important.

It is also important to make sure data is transmitted properly, with the right people accessing the right data. Price explained it’s often in the transmitting of data that it becomes less secure.

For example, HCA’s warehouse held enough non-clinical data for hackers to know the names and emails of patients. Had this been segmented and transferred differently, it might have been as inconsequential as digital health company Kry’s leak of hashed data last year – no one could use it, so there was no real reputational damage attached.

We would welcome your thoughts on this story. Email your views to Joe Quiruga or call 0207 183 3779.