Organizations linked to people's health are more likely to suffer cybercrime. Healthcare is estimated to be the third most targeted sector by cybercriminals in Spain. In fact, globally it is the sector that reported the most incidents in 2022, 74% more than in the previous year (much higher than the 38% overall).
Organizations in the healthcare sector are very attractive to cybercriminals because their databases contain sensitive information on all their patients: reports, tests, images, diagnoses, etc. In addition, an attack can cause significant chaos in hospitals, where all processes are computerized. This is an important incentive.
Through the meetings of the Healthcare Forum of the Club Excelencia en Gestión (Excellence in Management Club), a list of recommendations has been designed to help prevent these cyberattacks and, if they occur, to minimize their impact.
Keys to improving healthcare cybersecurity
Invest as much as possible in an efficient way, but spare no expense. The repercussions of a cyber-attack are usually disastrous, averaging around 10 million euros. The most striking example is the attack suffered by the U.S. insurer Anthem in 2015. It affected 78.8 million patients and cost the company some €400 million in cleanup, recovery, lawsuits and investigations.
Supply chain security. It is estimated that almost half of the data that leaves a healthcare organization fraudulently does so silently, channeled through suppliers with whom there is some link. Suppliers too should be required to have a strong, certified commitment to cybersecurity.
Be aware of new 'cyber regulations'. It is essential to have continuous advice in this area in order to comply with the law and also to prevent problems already detected in other sectors. One example is the transposition into Spanish regulations of the European NIS2 directive, which aims to eliminate existing divergences between member states in terms of network and information systems security, and which will come into force in the fall of 2023.
The Club Excelencia en Gestión has extracted 7 keys to improve cybersecurity in the healthcare sector.
Understanding from governance. Management bodies must approve and take responsibility for the cybersecurity risk management measures adopted. This involves training and understanding, in order to increase awareness.
Security policies and risk analysis. Constantly measuring and searching for weaknesses in order to correct them immediately, and at the same time incorporating incident management specialists in the teams, capable of detecting and eliminating vulnerabilities.
Training to raise awareness. Many people work in healthcare organizations, and most of them use IT resources linked to the center's network. They all need to be aware of basic cyber hygiene practices: avoid downloading or clicking on suspicious links, be careful when using external USB devices... And to raise awareness of the problems this can lead to, training is essential.
Strong access mechanisms. A classic that cannot be overlooked, because cybercriminals sometimes gain access through simple passwords.
Source: iSanidad.