Digitization impacts many areas of life. It is also remapping the healthcare landscape and is becoming increasingly important, ensuring that patients receive comprehensive care as quickly as possible. To make this a reality, data is stored digitally and medical devices are connected.
Hackers are increasingly choosing hospitals for their attacks.
These advances create opportunities but also entail potential risks. The latter requires all stakeholders to exercise caution since the medical industry is a frequent target for cyberattacks. Untrained and unaware employees are often the weakest link in the security chain.
Healthcare data is very valuable to cybercriminals. Having said that, it’s also possible for a hospital to be hijacked, its data manipulated or its medical devices compromised.
Screen, computer, tablet, medical devices: Nowadays, a lot of things in a hospital are digitally networked with each other. That's why it's very important for staff to know exactly what's going on and recognize the potential risks of a hacker attack.
Facilities and medical devices that are designed to protect the patient become easy targets because all it takes is a well-disguised email, one click and everyone is gone. That's how fast IT software can fall victim to a cyberattack. Besides accreditation, certification and qualified maintenance of these devices – which is specified and required under the European Medical Device Regulation (MDR) – stable security management software is a critical security component. But that’s not all you need. "It is vital to not only invest in technology but also in employees. Security is a continuous process and seldom completed once you buy or install a system or software to comply with guidelines and please the legislator", said Dr. Tilman Frosch, Managing Director of G DATA Advanced Analytics GmbH in the run-up to the MEDICA 2018 trade fair.
This approach to saving money is often based on a false premise: The incorrect assumption that employees already know what to do and that they won’t jeopardize IT security. Those in charge must realize that untrained personnel can be the weakest link in the security chain and – inadvertently and unwittingly – perform actions that cause harm. "In reality, you are not really improving things because you still need someone who can operate and configure the system, and constantly monitors and responds to the messages", explained Frosch. That’s why having qualified staff that is only in charge of security monitoring is ideal and essential, yet other employees should also not be kept in the dark about the subject. After all, data management software is ultimately only as good and secure as its user. To tightly close security gaps and avoid breaches, it is crucial to educate the staff, the medical team and heads of departments about the risks. In addition to technology aspects, this is primarily about analyzing unintentional bad behavior, emphasizing the importance of deliberate actions, and explaining how cybercriminals might think and act. How do I detect malicious emails, and how do I keep transmitted data secure, for example by using a VPN? These questions can be answered with the help of practical drills and exercises. There are many online and offline options to train staff.
Training on IT and cybersecurity for hospital staff is becoming increasingly important.
Here is an example of a global service provider that offers both options. BSI Group Deutschland GmbH provides business services to organizations including development and sale of private, national, and international standards, training, assessment, and certification. The latter is in collaboration with Wombat Security Services on an online security education platform system. The "Wombat Cyber Security Awareness training" includes software-based interactive training, quizzes, simulated phishing attacks, and reporting fields. There are different modules and key topics: computers, data security, emails, mobile devices or external storage such as discs or USB sticks. The online options offer a clear advantage: The training programs are customizable, interactive and flexible.
Having said that, the traditional instruction format can also support employees in navigating the jungle of information technology. This setting allows for group discussions and an exchange of ideas and opinions. Participants can ask the instructor directly for help with practical exercises and any issues.
No matter which educational option you choose for your team, it’s important to make a decision and to emphasize regular training sessions. The digital world is undergoing radical changes that benefit global health and medicine, but can also play into the hands of cybercriminals. In hospitals, patient health and safety is the number one priority and must not be put at risk by untrained and unaware hospital staff. This applies to both their medical knowledge and their use of IT programs and medical devices.
The article was written by Katja Laska and translated by Elena O'Meara. MEDICA-tradefair.com