Anxious about healthcare data security
Singapore experienced its largest ever cyber-attack when healthcare group SingHealth suffered a data breach in July this year, which affected about 1.5 million patients' records. Their non-medical personal particulars were illegally accessed and copied.
This comes a year after the global WannaCry cyber-attack in May 2017, crippling parts of the National Health Service (NHS) in Britain and locking data on computers with demands for payments of $300 to $600 to restore access.
Cyber-attacks can cause panic in many businesses and can attack any industry, from healthcare, education, manufacturing, to the government.
Gaining control over power plants can impact and disrupt a large population by causing blackouts in the city. Targeting a utility plant can cause huge disruptions to the country by cutting off or contaminating the water supply, resulting in devastating consequences.
Reacting or fixing any form of breach on any industry can be costly. Everybody wants the best technology, the best solutions to defend against these attacks. But companies need to know, people are its greatest assets.
Cyber-attacks and their breaches are not executed by technology; they are the work of other intelligent people. Therefore, it is good business sense to level the playing field by having real humans on the other side of this, often referred to as “hand-to-hand combat”. With any cyber threat, the first and last line of defense are always prepared leaders and employees.
In healthcare, an individual's electronic health record or medical billing information from their health insurance can fetch exorbitant prices on the black market. Paul Ducklin, senior technologist at Sophos said, “Anyone affected in (a) breach has no choice but to assume that their personal information will end up for sale in the cyber underground, ready for active abuse by cybercrooks.”
When it comes to cyber security challenges in the healthcare industry, it is a different environment to defend and secure. Olli Jarva, managing consultant, software integrity group at Synopsys shares that the healthcare industry shares the same shortcomings as other enterprises, but with some added obstacles.
- Dealing with an extremely heterogeneous environment. While IT servers are standardised, there are many devices (e.g. MRI and CT scanners) that are attached to the network.
- A healthcare organisation may have multiple operations units, and each unit may procure software solutions that best meet their needs, but may not have uniform cyber security effectiveness.
While technology can move the industry ahead, criminals who have access to the same advancements are innovating at a much faster speed. Your healthcare data is worth more than your credit card and social security information to the criminals and should be properly secured.
Lim Guan Yu
You can reach me at [email protected]