Smart Hospitals Need to be Secured

I want my hospital to be smart, but I demand it be secure and safe!  A new report from the European Union Agency for Network and Information Security (ENISA) outlines strong recommendations for hospitals to protect themselves from cyber risks as they embrace new technology.

protecting patient information and security is the objective of smart hospitals

The Best Care Possible

When we or our loved ones need medical assistance, we want the very best technology and care to be available.  Hospitals are upgrading to improve care, increase efficiencies, and enhance the patient experience with many new technologies.  These systems, which can range from interconnected clinical information systems, remote care devices, patient identification tools, drug management controls, and mobile clients for staff, are designed to make hospitals smarter and more effective in their purpose.  But with the influx of new technology, comes increased cyber risks.

smart hospitals require many assets to be protected and secured

Risks and Recommendations

ENISA provides security expertise and guidance for its EU member states, businesses and citizens.  ENISA’s recent report Smart Hospitals – Security and Resilience for Smart Health Service and Infrastructures describes a number of areas where assets and threats intersect to form new risks.  It also outlines good security practices, both technical and organizational, while keeping a pragmatic stance on cybersecurity.   It is a valuable read for those in the healthcare industry who are involved in protecting patients, tools, data, and services.  C-suite staff, including the Chief Information Officers (CIO), Chief Information Security Officers (CISO), Chief Security Officers (CSO), and Chief Privacy Officers (CPO), should pay particular attention to the recommendations and understand the threat scenarios.

security threats to smart hospitals can occur via human error, system failure or external cyber threats

As hospitals race to upgrade to better facilities, tools, networks, and services, they will inadvertently introduce vulnerabilities.  The key will be in properly managing these risks while gaining the benefits of the advanced capabilities.  This must begin early in the process and remain current over time.

Beyond Scary

For the last few years, the healthcare industry has been most worried about data breaches.  2015 was a particularly bad year where it reached epidemic levels.  Just the top 10 healthcare breaches affected almost 35% of the U.S. population.  As we move into 2017 and beyond, hospitals may very well look back on data-breaches as the "good ole days" when cybersecurity was easy as compared to new challenges.  Compromises in devices, diagnosis systems, drug distribution, and other critical services is an entirely different level.  Who wants to be sitting in a hospital bed wondering if the equipment they are hooked-up to could be hacked or if their diagnosis is incorrect because of data tampering?

medical hospital room in a smart hospital

The Cure

The healthcare industry is about to step into a whole new level of cyber risks. We must think ahead as technology expands to put life-safety at risk.  Hospitals and emergency care is one place where nobody wants cyberattacks to cause impacts.  The ENISA report and recommendations are a strong stride in the right direction, but more work, collaboration, and insights will be needed to keep the very best healthcare secure, private, and safe.

 

Image Source: Some images reproduced with permission from ENISA Smart Hospitals – Security and Resilience for Smart Health Service and Infrastructures report. Copyright ENISA.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Published on Categories SecurityTags , , ,
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.