Experts share insights and recommendations on how hospitals can strengthen their cyber defences in light of increasing cyber-attacks during COVID-19.

Speakers

Fuller Yu, Chief Information Security Officer (CISO), Hong Kong Hospital Authority

Leon Chang, Head, Cyber Defence Group, Integrated Health Information Systems (IHiS)

Carlos Arglebe, Corporate Cybersecurity Officer, SVP, Siemens Healthineers (moderator)

Gagandeep Singh, Vice President & Group CISO, IHH Healthcare Berhad (moderator)

Summary

The pandemic has made hospitals more vulnerable to cyberattacks as cyber adversaries exploit on the former’s busyness. It is timely, therefore, that hospitals start to more aggressively prepare for these attacks on their system to protect patient and organisation’s data. The most recommended approach to doing this is evaluating factors, like what we’re trying to secure, the value proposition, risk assessment, financial model, and the hospital’s capabilities.

It is also recommended that hospitals build on their detection and response capabilities, especially in today’s day and age when technology is more widely used in healthcare. With this, hospitals ought to understand that digitalisation and cybersecurity go together. Higher usage of technology and more complicated devices also require stronger cyber defences.

Moreover, we have to acknowledge that cybersecurity is a journey. It goes on for long-term; hence, there should be no question on whether it has investment value. Building cyber resilience complements business resilience, and this is what hospitals have to understand when faced with the dilemma regarding the resources required to build cyber capabilities. Likewise, hospitals can start with the resources they already have and try to really maximise these resources.

Finally, the key thing about cybersecurity is it is about collaboration and communication. Hospitals often mistake that cybersecurity is just about IT, but tend to forget that people can be the weakest links. We could have the most advanced technology to protect us from attacks, but if our hospital staff are poorly trained or have poor awareness of cybersecurity, we could still fall victims. What hospitals need to do, therefore, is to make sure everyone in the organisation has a proper understanding of cybersecurity risks and avoid compromises on data privacy.

Key Takeaways

  1. No one is immune to cyberattacks.
  2. Cybersecurity should be integrated from the design level.
  3. Digitalisation and cybersecurity go hand in hand.
  4. Organisations need to protect staff as digital citizens.
  5. Hospitals need to look at cybersecurity as a journey.
  6. Cyber resilience equates to business resilience.

Like this story? Subscribe for more

More Insights

March 25, 2021
Dr Muhammad Ardian and Dr Cahyo Wibisono from the Universitas Airlangga Hospital share how an internal informatics team has helped to develop IT capabilities in the hospital.
March 25, 2021
Mr Linus Tham, Group Chief Information Officer of IHH Healthcare, shares how his organisation has mitigated cybersecurity threats, amidst a rise in cyberattacks on the healthcare sector.
February 25, 2021
A summary of some ways to achieve high levels of clinical effectiveness.