Healthcare facilities have grown more vulnerable over the last few years as hackers have begun to target them more frequently. With more risks and threats to address, modern healthcare facilities need to adhere to security measures that protect the privacy of patients and staff. Daniel Loo, principal consultant of Rimkus Consulting Group's Safety and Security Practice, will discuss how to protect people, data and physical assets in his presentation during the Healthcare Facilities Summit: Maintaining Health and Safety in Healthcare Facilities on May 25. Healthcare Facilities Today talked with Loo ahead of his presentation about what facilities managers can do to better protect their operations.
HFT: Why are hospitals and other healthcare facilities a higher target for ransomware/cyber-attacks?
Loo: According to various white papers and the FBI, there are specific industries like healthcare, higher education, manufacturing, and others which are at a higher risk for potential vulnerabilities being exploited by threats. Unfortunately, much of this is due to the lack of having a robust security posture in place, when compared to other industries, such as banking, telecommunications, critical infrastructure, and supply-chain logistics. The latter group is still on the receiving end of a vast amount of cyber security attacks. However, they have implemented a solid plan to identify and respond to such threats. Within healthcare, this can be remedied by the security management team, which will show how the department’s return on investment to the company is based on mitigating risk and loss. This in turn will increase buy-in from upper management and/or the C-suite.
HFT: How can hospitals and other healthcare facilities assure residents and patients that their personal information is safe prior to and after a security incident?
Loo: By implementing proper access control and data protection. The former can be addressed by utilizing physical measures, such as access keys, CCTV, guard staff, bollards and others, to direct, navigate or restrict movement to individuals. By simply introducing these physical barriers to the environment, it makes it that much more difficult for a possible threat to have access to a system. Regarding data protection, that can be met by having all IT systems kept up to date, proper credentialing and strictly adhering to statutory obligations, such as HIPAA.
HFT: Do you believe most healthcare facilities are properly prepared to deal with security-related risks?
Loo: Overall, I believe the industry is working diligently under the auspices of security to address current trends in risks, vulnerabilities, and threats. Security organizations within healthcare, such as the International Association for Healthcare and Safety, have set a benchmark standard in industry best practices for maintaining a safe and secure atmosphere within this field.
HFT: What can other healthcare facilities learn from their industry peers who have suffered from security breaches?
Loo: To always be aware of current threat trends and patterns, which not only impact the healthcare industry, but also the geographic location where each facility resides. Properly disseminate information amongst your employees, so they are in the know in terms of any issues that may be detrimental to the site and personnel. Communication is key. Management should be direct, responsive, and transparent, in order to ensure a secure working atmosphere.