Medical professionals and hospital staff are working on the frontlines to save lives during the coronavirus pandemic, but also tasked with managing the confidentiality of patient data, patient safety, and communication between physicians, patients, and their families. With that brings severe vulnerabilities and weak points to health-care system cyber resilience, explains Virginia Tech cybersecurity expert Aaron Brantly.
In a recent blog post, Brantly says there are indications that cyberattacks against hospitals and other health-care providers are increasing in severity and impacting the availability and quality of care.
“The issue of cybersecurity in health care is not limited to the management of patient records but is rather an ecosystem-wide challenge that plagues health systems at nearly every level.”
“The problem of cybersecurity within the health-care industry is multicausal. Hospitals, physicians, insurance companies, medical device manufacturers and other groups throughout the ecosystem are increasingly leveraging internet-enabled technologies.”
“Very often these technologies and the software they run are proprietary and unique to each device manufacturer, hospital, and insurance provider. The custom nature of these products hinders cyber breach prevention and remediation efforts because updating them is often laborious, costly, and breaks interoperability across different platforms in a health system.”
“Technological progress, such as the deployment of machine learning and artificial intelligence in products, including closed-loop insulin delivery systems and oncology treatment planning, are introducing new vulnerabilities.”
“Patient-centric approaches to health-care cybersecurity should focus on increasing transparency of how patient data is used and protected, ensuring interoperability of different health-care devices, and streamlining patches and updates to digital health systems. The FDA, HHS, and the State of California, among others, have made substantial strides in these areas, but much work is still left to be done.”
Aaron Brantly, an assistant professor of political science at Virginia Tech, has worked on issues related to cybersecurity from multiple angles, including human rights and development, intelligence and national security, and military cybersecurity. His interests span the political science and computer science divide. More here.