Only matter of time before someone is damaged in cyberattack

Return to eHealthNews.nz home page

Picture: SecureCom managing director Chris New

NZHIT guest column by SecureCom managing director Chris New

Cybersecurity is every health practitioner’s responsibility – otherwise the health sector is at risk of playing catch-up and falling a step behind the cyber criminals.

A mega cyberattack in the health industry is deliberate, targeted and often well planned – and no one is spared. This was the experience with the recent Singapore government health database breach that included the prime minister’s patient data.

At our doorstep, New Zealand National Party official documents show how prolific cyberattacks are, with up to 800,000 cyber incidents per day reported on the Bay of Plenty District Health Board. It might sound far-fetched but the rate at which cyber threats are advancing, it’s only a matter of time before someone gets hurt and ultimately, damaged, due to technology ‘glitches’ introduced by the malevolent actors.

Crucial to protect patients’ information

In light of the increase in digital innovations in the health sector, protecting patients’ information, regardless of whether it is paper-based or electronic, is crucial to maintaining security and privacy. 

As with any new technology, hackers will look for both unknown and known vulnerabilities. This mention is a reminder of the UK National Health Service’s disastrous WannaCry ransomware attack that crippled its operations and had enormous cost implications. Ransomware, a malicious software that encrypts data on a computer system, is a common form of cybercrime.

Any disruption to your infrastructure has a ripple effect on operations – that’s why you need to take more of a business-driven approach to cyber risks. We believe advancement in digital technology should not necessarily create risks elsewhere that would hinder the adoption of smart technology which in turn supports long-term business progress.

In order to overcome some of these risks, security teams use current innovation tools to quickly monitor and understand the ‘new normal’ introduced by employees and external parties into our networks and environments. Specifically, in the health sector there is a need to identify secure ways for medical practitioners to access patient information on their mobile devices.

Convenience, security and privacy is a balance that’s yet to be achieved in patient care. ableX healthcare Limited CEO Elliot Kernohan points to a New Zealand Health Strategy funding model that unfortunately limits the extent to which digital revolution enables opportunities for better health delivery. In the context of cybersecurity, the costs need to be factored in to any strategy for digitisation of services.

Security should not be an afterthought

Security, with medical practitioners, especially because of the sensitive nature of the data, should not be an afterthought when defining a cybersecurity strategy.

As a first step, one should ensure their understanding of the role they play in keeping patient information secure and private. It doesn’t have to be boring, and some security training programmes are delivered in a fun but effective way while keeping everyone engaged. So far, we have delivered over 60 workshops to New Zealand organisations, and from this there has been an increase of interest from staff about security within their organisation and at home.

The biggest source of optimism is taking security and privacy and making it part of the cybersecurity culture within the health industry. For example, seminars by NZHIT and initiatives by government agencies such as the Cyber Credential Scheme are designed to ensure New Zealand companies are protected against cyber threats.

Getting these kinds of discussions into district health boards, and creating continuous momentum with medical practitioners, not only helps delegate security as everyone’s responsibility, but takes it a notch higher that’s beyond technical considerations.

Failing that, the health industry will be at risk of playing catch-up and falling a step behind the cyber criminals.

Chris New is the managing director of SecureCom.

Return to eHealthNews.nz home page