As recent attacks have demonstrated, the healthcare industry is particularly vulnerable to malware and hacking that can significantly disrupt patient care and hospital operations.
For that reason, a group of Boston researchers is urging the industry to view cyberattacks as a threat to public health.
In a perspective published in the New England Journal of Medicine, two physicians and an information security professional from Brigham and Women’s Hospital and Partners HealthCare pointed to the recent WannaCry and Petya ransomware attacks to highlight some of the cybersecurity deficiencies across the industry and outline areas of focus moving forward.
The trio echoed many of the issues recently addressed by emergency physicians at the U.K. National Health Service (NHS), which called the WannaCry attack that shut down dozens of hospitals “undeniably dramatic.” In June, an in-depth report by a Department of Health and Human Services Cybersecurity Task Force spelled out the “urgent challenge” of cybersecurity vulnerabilities in healthcare.
Beyond the long-term consequences of exposing patient information, the Boston authors raised alarm over the possibility that hackers could manipulate laboratory data or EHR notes to compromise the safety of patient care.
Data encryption, software updates, continuous backups and improved security process can help, but a “practical and intelligent” approach to technology is also necessary, they said. Ultimately, education is the most critical aspect of closing healthcare’s vulnerabilities.
“People are the weakest link in the security infrastructure: our systems are only as secure as the gatekeepers who use them,” they wrote.