Healthcare and system security: a scenario from the post-COVID world

09/07/2021

Life is returning to normal slowly after COVID. Most aspects of life are embracing the new normal and adopting techniques and tactics suited to post-COVID circumstances, be it vaccination, new variants of the virus, the end of lockdowns, or the rushed openings. People long for the current situation to resemble normalcy.

However, most things have changed irreversibly, and if we continue to think about them or deal with them in the same old way, we will be fooling ourselves. The pandemic has impacted our lives immensely, and its impact is felt in almost every aspect of them. Whatever the department or industry, every organization is forced to follow in the footsteps of the post-COVID revolution.

The impact of COVID reaches both daily life practices and the cybersecurity of our infrastructure. In the healthcare industry, the cybersecurity of medical devices is of particular concern. Here we will discuss a few lessons that will help us cope with security challenges in the healthcare industry.

1. Connectivity and security go hand in hand

Telehealth gained a dominant position during COVID. The coronavirus pandemic has driven innovation in the devices used by healthcare delivery organizations (HDOs) so that clinical operations can reach patients who are unable to visit their doctor in person.

Clinicians can now track the health status of their patients using applications that sync to connected devices. This enables patients to receive healthcare from the comfort of their homes without the hassle of traveling. Furthermore, having a patient's data available in an application is critical, since it can be shared instantly to ensure the best for the patient's health. Decisions can be taken considering the advice and suggestions of experts. Moreover, a patient can also get access to field experts located geographically far from the patient's location.

Undoubtedly, the growth is enormous. The advancements in the healthcare system have revolutionized practices and methods. But one of the major drawbacks of these innovations is security. Unfortunately, the improvements planned and introduced don't seem to be in sync with cybersecurity challenges.

We can't overlook the degree to which the healthcare industry relies on technology and innovation. The advancements have provided the healthcare sector with better diagnostic resources and facilities and innovative treatment options, and have proven adequate in terms of time. Moreover, the risks posed to patients' lives have been significantly reduced.

So, methods that ensure maximum security for data related to patients' health must be considered. This is the demarcation point between the success or failure of cybercriminals and data security challenges.

Thus, as devices and systems continue to expand and link with one another, so does the possibility of new threats. These threats must be acknowledged and understood to ensure that the necessary steps are taken to mitigate them.

2. Attackers vs. defenders and the supply chain

Vulnerabilities are profound and widespread: flaws well known to the hacker community, such as Ripple20 and BlueKeep, are deeply entrenched in systems. If we consider hacking a business opportunity, the difference when it is modeled on a multi-integrated system is prominent compared to just a single device.

The budgets for attackers are not limited. They have aimed for massive growth, from $3 trillion in 2015 to $10.5 trillion US dollars annually. The investment by defenders to protect their systems has increased by 10%, amounting to around $100 billion. Recent news from Microsoft highlighted that the SolarWinds attack took a thousand-plus engineers to create. The troubling question is whether any organization is fully equipped with the resources to defend itself against attackers.

There is a dire need for defenders to upscale their strategies to defend their assets. It implies that as attackers continue to mount the supply chain, so must the defenders. Therefore, more and more devices and equipment based on modern cybersecurity solutions are mandatory. Devices and systems that are better integrated with security solutions will help lessen the potential risks related to data breaches. From the patient's perspective, an organization needs to be better equipped to deliver safe and secure experiences.

3. Plan of action

Before setting up the technological infrastructure of a healthcare organization, understanding the impact of each decision is a must, as defenders of healthcare organizations must aim for the big picture and the desired output. This requires modeling a plan of action. When threats are understood, they are easy to mitigate. The objective is limited to healthcare delivery organizations, vendors of security services, and medical equipment manufacturers. Combined efforts will enable the development of strategies that produce better outputs.

As soon as the plan has been created, it must be embedded in daily activities and operations. Moreover, we can't neglect the need to revise the project. As attackers change, the strategies adopted by defenders must change with them. Undoubtedly, there will be threats and setbacks, but we must be strong enough to deal with issues and situations in the most effective way. There should always be room for learning and education.

4. Security as a priority

First and foremost, training personnel and staff in up-to-date knowledge and skills is a must. It holds a special place in the growth and success of any organization. In a connected world, change and movement without upgrading skills have no meaning. For instance, if someone in the organization cannot detect a malicious email, how can they expect the same results from an end user?

A significant risk in the healthcare sector is the blame game directed at the user/patient. Historically, the data shows that user experience in the medical industry has not been optimized for ease of use. Therefore, we are required to optimize the system and knowledge for the patient.

So, secure and efficient devices are the need of the hour. Healthcare systems and technology need to prioritize potential solutions to combat the threats, and they must reduce the extent of reliance on users. Pros and cons are part of technology; no system or technology is perfect. However, the best strategies are the ones that are not dependent on users. The detection of potential threats and risks, as well as the efficacy of a device, is most important in inpatient care. If we aim to change the landscape of the healthcare industry, we must intentionally design devices that are better at dealing with cybersecurity risks.

5. Integration of organization with other stakeholders

Security in the medical industry involves complex networks and multiple users. Overall, asset management in the healthcare industry is a complicated task. A security plan for clinical uses must be developed.

While developing the ability to combat threats from the start is a crucial task, it requires time and expertise in the field. Moreover, bandwidth for maintaining a device over its life is also required.

Hence, involving a third party that focuses on cybersecurity addresses the core requirements. However, using more tools doesn't solve the problems, and the resulting alarm fatigue can cause an important signal to be missed. Moreover, tool sprawl has been proven to be disadvantageous to an organization's ability to safeguard vital resources. Still, this does not imply that experts should be excluded from the organizational and operational framework.

Technical diversity has flourished immensely. However, it is still challenging to guarantee the security of all equipment and systems. For example, in the past there used to be a single mainframe with a green screen and a printer. But today, countless methods for client assessment are available. These include networking, remote connectivity, security, storage, and visualization.

Conclusion

HSCC, NCCoE, JSP, and TIR-57 are some of the available guidelines on the issue. But there is no specification for any standard. Furthermore, to date, we have not made any satisfactory progress in the field. Therefore, there must be a systemic change in medical device development that addresses cybersecurity risk for the collective advantage of organizations and patients.

Cybersecurity costs are effectively managed when they are integrated into the core business plan. Likewise, economical access to cybersecurity experts ensures effective solutions that hold up over the lifespan of a device. There is a dire need to use devices that are secured and embedded with innovative cybersecurity solutions. The medical industry faces several threats, spanning complex delivery systems, security debt, and malicious actors in the system. We must aim to handle situations and potential risks differently than we have done in the past.