Three challenges in implementing cyber security within healthcare

Have you stopped and thought recently about how much of your life now takes place online? Not only do we default to online services for more or less every aspect of our daily routines, we depend on connectivity in order to get the basics done. As our reliance on devices with an internet connection skyrocketed in large part due to the pandemic, so too did our exposure to cyber attacks. 

You’ll often hear Stratia Cyber advocating for the government-backed Cyber Essentials certification scheme, recommended by the National Cyber Security Centre. Generally speaking, investment in the right cyber security tools ensures that IT is secured. This can give an organisation a clearer idea of its cyber security level – and enhance the trust of customers and stakeholders.

And while our phone or laptop battery often feels critical to life, pressure has never been higher on the industry that provides us with essential healthcare to improve its cyber resilience. A recent survey conducted by the Ponemon Institute revealed just how seriously a ransomware attack can impact timely patient care – a reminder of what ‘critical to life’ really means in the context of our health services. 

In their book, “The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives,” writers Peter H. Diamandis and Steven Kotler note that healthcare will be one of the first industries impacted by the 21st century’s converging technologies – a list of emerging innovations that includes 5G, wireless sensors, and blockchain databases. These technologies improve connectivity, increase efficiency, and decrease costs. They also increase the risk that cyber criminals will breach medical systems, compromise valuable data, or worse.

A long list of legacy issues exists as barriers to getting buy-in for better cyber security in the healthcare sector. From complex IT infrastructures to low risk appetites, the next edition of SC Insights shines the spotlight on three client case studies that each represent a different level of interaction with the healthcare industry.

Here are just three challenges that the healthcare sector must navigate when it comes to implementing cybersecurity.

Complex cyber threats

As technology evolves, so too does cybercrime. A report by Digital Health documents how the acceleration of digital usage during the pandemic led to an increase in the volume of cybersecurity attacks in the UK and Ireland. In the healthcare sector, the most popular methods of attack were impersonation, AV, and spam campaigns that linked to dangerous malware and other threats. Identifying the criminal organisations behind these campaigns comes with a separate and equally complex list of obstacles, and in the majority of cases the damage will already have been done, even if they could be identified and tracked down.

Worsening talent shortage

According to the cybersecurity news website Security Week, nearly 2.7 million cybersecurity positions remain unfilled worldwide. Given how in-demand the profession is, it can be difficult for healthcare professionals to scout employees with enough experience and expertise to keep data as valuable as medical records secure. Because of this, healthcare professionals need to familiarise themselves with the modern job market. Security Week recommends scouting talent at college job fairs, gaming conventions, and hackathons. If resources are available, organisations can also partner with universities or learning institutions to build connections with professors and students in the technology field.

High costs

Needless to say, it can be costly to maintain an effective cybersecurity program. A healthy cybersecurity budget should equate to about 14% of an organisation’s overall IT budget. Associated costs include software, security tools, upgrades, employee training, third party services and compensation for cyber security staff.

Given these costs, securing approval at board level for funding represents a serious hurdle. To demonstrate the ROI of cybersecurity, healthcare organisations need to make stakeholders aware of the costs of going without protection. Data from the Cyber Security Breaches Survey 2021 shows that cybersecurity breaches can cost medium and large firms approximately £13,400 over the course of a year. Even if cybercriminals do not target hospital systems directly, patient data, including financial information and social security numbers, is highly valuable. A breach almost certainly impacts reputation as a result of loss of trust in the organisation, which amounts to an additional cost – just one that’s not as clearly quantified.

All things considered, implementing cybersecurity comes with a list of challenges much longer than this one. However, wherever those already living with ill health become the potential victims of a cyber attack, organisations simply must take a more proactive approach.

Prepared by Ruby Jacque for Stratia Cyber