A modern-day healthcare facility hosts a complex web of IT systems, each running in the background and handling high volumes of digital transactions by the minute. These systems, handling functions ranging from clinical, finance to administrative or others, have undoubtedly helped to enable efficiency in care delivery. However, the growth in use of digital systems will inevitably increase the associated cybersecurity threats.
“Data sensitivity is the major challenge faced by most healthcare organisations. Information stolen or accessed by unauthorised persons are a real threat,” said Mr Alvin Lim, Group Technology and IT Security Director of Fullerton Health.
As a healthcare provider with a presence in nine markets in the Asia-Pacific region, Fullerton Health handles over 13 million healthcare transactions a year, over a comprehensive scope of services ranging from managed care and network management services, to primary care and specialty care. Keeping such data safe and secure is a high priority, said Mr Lim.
He highlighted that Data Loss Protection (DLP) is a highly important component of the organisation’s security strategy. DLP technologies use rules (defined by organisations) to scan for sensitive information that may be included in electronic communications, or to detect abnormal data transfers, which could occur when end users accidently or maliciously leak data.
In addition, the organisation leverages on security information and event management (SIEM) software, which monitors the organisation’s servers and networks 24/7. Through collection and aggregation of data generated by the technology infrastructure (from applications to firewalls and so on), the software identifies and analyses all incidents and events in real time. Any potential threat or anomaly raises an alert to the security team.
How working from home has added to cybersecurity risks
The COVID-19 pandemic has led to an unprecedented global shift towards working from home. This had led to further challenges in ensuring digital security. “The lines were blurred between home and work,” said Mr Lim. “IT departments who were responsible for network security, ensuring company owned devices are safe with security patches and keeping corporate data secure, had to contend with the dangers of lax home wi-fi security, and unsecured, unauthorised home devices trying to access company data.”
Mr Lim candidly noted that in cybersecurity, “the hardest component to control is the user.” He shared several measures that Fullerton Health put in place to help the users keep the systems safe. The first priority was to create and raise awareness amongst staff of the cybersecurity threat while they are working away from secured office networks. “Staff must understand the potential repercussion of a security breach, embrace their responsibilities as a user and know what they can do to prevent it,” said Mr Lim. He listed webinars, newsletters, memos from the CEO and even gamification, through quizzes, as examples of educational efforts the IT team undertook.
In addition, the team introduced a secured channel for employees who needed to access data using VPN, and implemented a complete lock-down on the use of all un-authorised devices.
Mr Lim shared that there has been an increase in the frequency of security checks and monitoring of all end-point devices and infrastructure. Besides supporting the cybersecurity requirements of clinical staff working onsite, the IT team is also looking at automating processes as much as possible to reduce human intervention, and redeploying operational tasks to virtual teams.
Working collaboratively on cyber threats
The rapid rise of digital health technologies, such as virtual consultations and telemedicine during the pandemic, have likely changed the future model of healthcare delivery, for good. Mr Lim remained optimistic about the role of digital solutions in the future of healthcare: “Healthcare IT leaders can take the COVID-19 situation as an opportunity to demonstrate competencies and capabilities, that will enable them to solve systemic issues through greater use of technology.”
With technology now intricately weaved into the healthcare sector’s day-to-day operations, it is crucial for healthcare IT leaders to put in place strong security measures around the usage of these digital solutions. Coming together as a sector to collectively look into cybersecurity solutions could help, with Mr Lim noting that he and his team has, and will continue to, collaborate with different healthcare providers to solve systemic issues, and share intelligence on cyber threats. Industries ranging from energy to the financial sector already “coordinate defense information and work together to stave off threats”. More sharing and coordination against attacks across different healthcare providers, will help to keep up an effective defence against an ever-changing threat landscape.