Medical professionals and hospital staff are working on the frontlines to save lives during the coronavirus pandemic, but also tasked with managing the confidentiality of patient data, patient safety, and communication between physicians, patients, and their families. With that brings severe vulnerabilities and weak points to healthcare system cyber resilience, maintains Virginia Tech cybersecurity expert Aaron Brantly.
In a recent blog post, Brantly said there are indications that cyberattacks against hospitals and other healthcare providers are increasing in severity and impacting the availability and quality of care.
“The problem of cybersecurity within the healthcare industry is multicausal,” he wrote. Hospitals, physicians, insurance companies, medical device manufacturers, and other groups throughout the ecosystem are increasingly leveraging Internet-enabled technologies.”
“Very often, these technologies and the software they run are proprietary and unique to each device manufacturer, hospital, and insurance provider,” Bratley added. “The custom nature of these products hinders cyber breach prevention and remediation efforts because updating them is often laborious, costly, and breaks interoperability across different platforms in a health system.”
What’s more, he said, product innovations such as the deployment of machine learning and artificial intelligence—think closed-loop insulin delivery systems—are introducing new vulnerabilities.
Bratley’s solution? “Patient-centric approaches to healthcare cybersecurity should focus on increasing transparency of how patient data is used and protected, ensuring interoperability of different healthcare devices, and streamlining patches and updates to digital health systems,” he said. The U.S. FDA, the U.S. Department of Health & Human Services, and the state of California, among others, have made significant advancements in these areas, he conceded, but “but much work is still left to be done.”