Why healthcare cybersecurity must always evolve

Hospitals and healthcare providers every day are looking at ways they can keep patient data safe and prevent cyberattacks--and security plans need to be constantly evolving.

There won't come a time, says John Houston, vice president for privacy and information security at the University of Pittsburgh Medical Center, when the healthcare industry will have all the security it needs.

"That isn't ever going to be the case. Threats change, technologies change and our business changes," Houston tells Hospital and Health Networks (HHN).

To that end, such growing threats were the focus of a briefing in the District of Columbia last week.

Providers speaking on a panel said that a lack of standards in the industry on cybersecurity is a barrier to stopping threats. They added that healthcare organizations need to work with both private and public sector partners to create a security framework.

One foundation of a security plan at an organization should be to conduct regular security risk analysis, Alessandra Swanson, team leader in Chicago's Office for Civil Rights, tells HHN.

However, there's more to just knowing you're at risk--such as whether certain medical devices are vulnerable--something must be done about it, Houston adds.

Issues with the security of medical devices are being brought into the limelight in the industry, especially in the wake of an FDA warning about an infusion pump that could be accessed by malicious actors.

While some devicemakers have increased security of their tools, Axel Wirth, technical architect with Symantec Corp.'s U.S. healthcare division, tells HHN that "the medical device ecosystem is certainly widely underprotected." In fact, security researchers recently found that thousands of medical devices used by healthcare organizations are vulnerable to attack and left exposed online.

In addition, consumers and providers should expect to soon see more warnings related to cybersecurity vulnerabilities in medical devices after the FDA warning, according to Kevin Fu, an associate professor of electrical engineering and computer science and director of the security and privacy lab at the University of Michigan.

To learn more:
- here's the HHN article