In October 2020, a psychotherapy center in Finland had its patient data breached. Patients were given a choice by the hackers: pay up or the stolen mental health records would be released onto the internet, wrote Politico.
Healthcare providers balance highly valuable patient data with an increasing number of digital systems. To manage both successfully, competent cybersecurity systems are needed to make sure hackers cannot compromise patient care.
Tan Shong Ye, Cyber Leader, and Dr Zubin J Daruwalla, Health Industries Leader, at PwC Singapore share how healthcare providers can ensure their data is secure and how this will help patient care overall.
The cloud has introduced immense benefits to healthcare. Doctors and researchers have used it to analyse genomic data, study 3D models of the human body, and standardise complex health data across distinct systems.
But high reward can sometimes be high risk. Cybersecurity plays a critical role in healthcare as providers possess something of value for hackers.
“Health data is tremendously valuable to cyber criminals,” says Tan. The value of such data on the dark web is much higher than personal financial data, he explains.
Health data can be used for blackmail or political gains, especially if the data is regarding a high profile individual, he says. But when it comes to healthcare data, it needs to be more than just about cybersecurity and protection. Health data must also be made easily accessible to other providers, insurers, and patients themselves, says Dr Daruwalla.
The impact of Covid-19
The Covid-19 pandemic has forced healthcare providers “to adopt a more digital mode of working,” says Dr Daruwalla. Hospitals have turned in droves to wearable devices, for instance, to assist remote care or telehealth. This provides more areas for hackers to target.
The effects have begun. In the US, 235 hospitals suffered ransomware attacks at the hands of a single hacking group, which collected more than US$100 million in ransom sums over the last year, reported the Wall Street Journal.
The increasing use of digital systems, and the consequent increase in threat levels, has taught healthcare providers a key lesson, shares Dr Daruwalla. It is no longer feasible to simply keep paper based records as the status quo. Cyber defenses are required and practices must “stretch far beyond” keeping hard copy medical records in “a locked cupboard”.
What can be done?
The Covid-19 pandemic has accelerated the digitalisation of healthcare and demonstrated massive benefits to citizens and service delivery. However, due to the private and confidential nature of health records, the industry will need to ensure that patient data is secure. Managed security services can help, says Tan and Dr Daruwalla. These are responsible for monitoring a system’s security status.
This would be extra helpful in Singapore, where governments are pushing for hospitals and all private clinics to adopt electronic medical records, says Dr Daruwalla. Using a managed security system to deal with cyberthreats would be “offloading the burden from doctors”, he says. A burden doctors cannot be expected to have the skills, knowledge or experience to address.
PwC Singapore provides managed security services via the Amazon Web Services (AWS) platform.
This allows healthcare providers to focus on their main priority, which is providing a high quality of care for patients, says Dr Daruwalla.
AWS Managed Services also monitors the dark web for threats. It combs through hacker forums and scans networks for any unwanted activity.
For an organisation that possesses a resource as valuable and sensitive as patient health data, their protections must be up to the task. Healthcare providers should have confidence that digital systems are secure so that they can focus on providing care to patients in need.