News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Looking to enhance cybersecurity? Five top tips for leaders in healthcare

In June this year, the National Health Laboratory Service (NHLS) suffered a serious cyber attack.
Source: Supplied. Orlando Scott-Cowley, public sector tech and business development manager at AWS.
Source: Supplied. Orlando Scott-Cowley, public sector tech and business development manager at AWS.

“The NHLS recognises the considerable impact this delay has had on public health facilities and the people of South Africa,” the NHLS’s chief executive officer, Koleka Mlisana said three weeks after the attack. “Rebuilding our systems has been an intricate and challenging endeavour,” she explained.

“It entails not just restoring data and services, but also ensuring that our infrastructure is robust, safe, and resistant to future intrusions.”

As technology revolutionises healthcare from administration to diagnosis and treatment, it’s also become a magnet for cyber criminals.

The European Union Agency for Cybersecurity (Enisa) reports that patient data, including electronic health records, are the most vulnerable assets. Nearly half of all incidents affecting the sector aimed to steal or leak health organisations' data.

Yet, all too often, we are lulled into treating cybersecurity as a nice-to-have, a secondary consideration, right up until it becomes the most important thing in our world. More than most, healthcare needs to shore up its defences against bad actors.

Cyber-attacks can result not only in data breaches but in material losses, damage and destruction of systems and databases, ransom demands, and, potentially, a reputational crisis, litigation, legal liability, damages and fines.

Not only do healthcare organisations hold a wealth of sensitive data, but they’re vulnerable to being shut down by hackers using ransomware. The choice: to allow patients' care to be disrupted, possibly catastrophically, or to pay up.

A 2021 Interpol report painted a grim picture of cybercrime in Africa. It quoted a finding by Accenture that South Africa had the third highest number of cybercrime victims in the world, at a cost to the economy of R2.2bn a year.

Interpol also highlighted another report from Kenyan cybersecurity firm Serianu that we had the highest rate of cyberattacks in the continent at 230m – three times the number suffered by Kenya and Morocco next on the list.

Healthcare cybersecurity crisis

Eighty-nine per cent of healthcare organisations worldwide experienced an average of 43 cyber-attacks in a 12 month period–almost one attack per week–according to a recent study from Proofpoint, a leading cybersecurity and compliance company, and Ponemon Institute, a top IT security research organisation. The most common effect of these attacks were “delayed procedures and tests”.

Of those surveyed, 57% said it resulted in poor patient outcomes while half reported increased complications from medical procedures. With lives at stake, healthcare organisations need to have robust cybersecurity measures ingrained into their systems to help mitigate these threats.

All of which begs the question; ‘how can healthcare organisations continue to enjoy all the many benefits of digital technology if they don’t prioritise security?’

Well, let’s start with five tips from Amazon Web Services (AWS) for organisations in the healthcare sector that want to enhance their cybersecurity. Most of these can be implemented at little or no cost.

Document your security policy – Give all your employees a clear and simple reference point. Outline a set of standards to which everyone must adhere to maintain good cybersecurity. Communicate your policy throughout your organisation and make it easily accessible to everyone. The policy should include the following four tips as actions for all personnel:

  • Everyone must use unique login credentials – You wouldn’t have 1234 as your bank pin number, would you? We should be no less diligent at work. All employees must be required to use unique credentials with passwords that are strong, both in length and complexity, for all work-related login functions. Set rules for good password creation and stop bad actors unlocking multiple doors across an organisation using just one set of credentials.
  • Keep admin rights, permissions and privileges tight – Make sure that you only give colleagues privileges to the IT systems and functions that are necessary for their roles. Start with an audit of existing privileges, establish a system for documenting any new permissions and perform regular access reviews. Healthcare institutions can use cloud services such as IAM Healthcare institutions which use cloud services such as IAM and Cognito to manage and monitor access rights easily.
  • Back up your systems on the cloud – If you’ve ever had a device fail on you and taken all your pictures, conversation and emails with it, you’ll know how devastating that can be. Using a cloud backup is essential for all healthcare organisations and ensures data is secured, recoverable and can’t be easily deleted by bad actors. AWS Backup provides cloud-native back-up services for healthcare organisations’ key data stores, such as buckets, volumes, databases and file systems, across AWS services.
  • Foster a blame-free culture – Good cybersecurity requires that everyone in your organisation feels able to come forward if they think there’s a problem or if they have potentially been compromised. So, avoid blame when things go wrong. Phish-testing, where the organisation sends employees fake phishing messages, does little for security and can seriously damage morale. Instead, drive greater awareness and encourage a positive, security-orientated mindset.
  • The five principles above are a good starting point to mitigate risks. After all, we don’t insure our homes in the expectation that we’ll be robbed or there will be a fire, but simply in case the worst happens.

    Putting these tips into action, together with a leadership that’s fully behind necessary investments in cybersecurity and fostering a “security culture” among colleagues will help guard against future threats.

    “If you really want to drive change, look to your leadership. Cybersecurity isn’t just about technology: it starts at the top,” says Orlando Scott-Cowley, public sector tech and business development manager at AWS. “Leadership must own and foster a culture which supports cybersecurity.”

    Let's do Biz