Healthcare and IT Security
If you’ve been following our recent blogs on healthcare tech, then you’ll know that the sector is becoming increasingly reliant on technology for both day-to-day and lifesaving activities. But, with technology comes significant security concerns.
Over the past 14 months alone, we’ve seen more than 19,000 appointments cancelled by the WannaCry hack, 1.4 million patient records breached in the UnityPoint Health phishing attack and 1.5 million patient records stolen in the Singapore government’s cyberattack.
The healthcare industry has become one of the biggest targets for ransomware and cyber attacks, and with technology use in the sector forever increasing, something has to change. In this blog, we’re taking a look at what.
What is happening?
Attack behaviour in the healthcare sector largely mimics that of other industries. Application attacks account for 66% of activity, followed by suspicious activity, brute force, trojan activity and DOS. What’s concerning is the diverse methods used by cybercriminals, including cross site scripting, XML injection, zero days, buffer overflow, SQL injection and much more.
And, these attacks can cause far more damage than the leak of sensitive information or reputational harm. Emergency equipment can be disabled, medical records can be altered, tumours can be added to CT scans and entire hospitals can be frozen. The effects can be literally deadly.
Why is this happening?
As with many other industries and sectors, technology is advancing at a rate quicker than internal security policies, practices and teams. This results in:
- Staff who are untrained in security best practice;
- Equipment not being properly updated and patched;
- A mismatch of software and systems; and
- Understaffed (or empty) cybersecurity team.
What needs to change?
To put it simply: cybersecurity needs the attention it deserves. This means recruiting cybersecurity professionals in hospitals, healthcare suppliers and healthcare tech firms.
Particular IT security specialisms to recruit for include:
As more healthcare organisations move to the cloud, there is a significant volume of confidential data at risk of breach. Cloud security experts can reduce this risk and quickly identify and patch any problems.
You’ll know from our recent blog on healthcare apps that mobile devices and applications are becoming standard-place in the healthcare industry. The volume of different devices and apps opens health businesses and hospitals up to additional threats. An app security specialist can help to develop secure apps or educate staff on the safe use of apps.
The IoT is always high on the agenda when talking about IT security. Many connected healthcare devices do not have the ability to block malicious attacks or behaviours. Whether you’re developing a device or implementing one into your business, having an IT security professional who can advise on and minimise attacks from happening is crucial.
With more people and devices connected than ever before, there is far more opportunity for criminals to exploit through ransomware. Ideally, you want a tech professional who can prevent, monitor, identify and stop these attacks from causing significant damage.
People skills are integral for IT security specialists because people are your biggest risk. The right knowledge, training and updates can be one of your biggest defences to cyber-attacks, so look for someone who can deliver the right message to your staff - from the bottom all the way up to the board.
Get in touch
IT security professionals are essential for every industry, but particularly the healthcare sector. If you’re looking for IT security talent to join your team, get in touch with Evolution today - you could help save someone’s life.