 |
| Nearly everything is now connected. |
It should be no surprise then to any of us, that this interconnected world that we have built for ourselves, presents not only a shifted paradigm in health treatment practices, but one that presents unique new challenges to secure hospitals and other healthcare services.
The 'Internet of Everything': - connected hospitals, connected cities, connected cars, and other ‘things’, has changed the face of security. No longer can we build walls around our business and IT systems; today the security paradigm is one of controls without absolutes, without well-defined boundaries and perimeters; walls which were once easy to secure.
Attacks by opportunist cyber criminals, are increasing in size and scope as they search to maximize their impact. Thanks to greater reliance on technology in our hospitals, the impact of a cyber attack on a healthcare provider is now enormous. The lack of clinical systems availability to treat patients (because of a ransomware or denial of service attack), threatens the lives of patients in our hospitals and clinics. Healthcare is part of our critical infrastructure and as we add IoT devices inside and outside of the hospital, we need to be extremely vigilant in making sure that every precaution is taken to secure and protect critical health IT systems.
This includes addressing widespread problems in our hospitals, some of which have been responsible for the recent spate of ransomware attacks against health systems. These include slow patching of IT systems with known critical vulnerabilities, retirement of old no-longer supported platforms and applications, daytime-only security operations, and lackluster poorly practiced security incident response procedures.
Ransomware is a current favorite among attackers, but this appears in its latest iterations to have evolved into DeOS or ‘destruction of service’ offering no return for those not equipped with full off-site and disconnected backups. Even then, the time to restore and rebuild for most organizations is prohibitive, certainly not if a patient's well being depends upon the availability of an IT system.
Improved visibility, comprehensive 'round the clock' security operations and effective security incident response has become key to business continuity and keeping hospitals open. The first step however, is understanding what you are up against, how both exploits and defenses work, and what tools and technologies are available to bolster your security people and processes.
This was the subject of an hour long webex presentation given last week to healthcare IT and security leaders across Canada by Sean Earhard and myself. To watch the recording, open the link below to the Webex player.
Watch the WebEx recording
 |
| Healthcare in Canada is just as vulnerable to IoT. Photo: Kai Oberhauser. |
