Experts share insights and recommendations on how hospitals can strengthen their cyber defences in light of increasing cyber-attacks during COVID-19.


Fuller Yu, Chief Information Security Officer (CISO), Hong Kong Hospital Authority

Leon Chang, Head, Cyber Defence Group, Integrated Health Information Systems (IHiS)

Carlos Arglebe, Corporate Cybersecurity Officer, SVP, Siemens Healthineers (moderator)

Gagandeep Singh, Vice President & Group CISO, IHH Healthcare Berhad (moderator)


The pandemic has made hospitals more vulnerable to cyberattacks, as cyber adversaries exploit how busy hospitals are. It is timely, therefore, that hospitals start preparing more aggressively for attacks on their systems to protect patient and organisational data. The most recommended approach is to evaluate factors such as what we are trying to secure, the value proposition, risk assessment, the financial model, and the hospital's capabilities.

It is also recommended that hospitals build on their detection and response capabilities, especially today, when technology is more widely used in healthcare. Hospitals ought to understand that digitalisation and cybersecurity go together: higher usage of technology and more complicated devices also require stronger cyber defences.

Moreover, we have to acknowledge that cybersecurity is a journey. It continues over the long term; hence, there should be no question about whether it has investment value. Building cyber resilience complements business resilience, and this is what hospitals have to understand when faced with the dilemma over the resources required to build cyber capabilities. Likewise, hospitals can start with the resources they already have and try to maximise them.

Finally, the key thing about cybersecurity is that it is about collaboration and communication. Hospitals often mistakenly assume that cybersecurity is just about IT and forget that people can be the weakest links. We could have the most advanced technology to protect us from attacks, but if our hospital staff are poorly trained or have poor awareness of cybersecurity, we could still fall victim. What hospitals need to do, therefore, is make sure everyone in the organisation has a proper understanding of cybersecurity risks and avoids compromising data privacy.

Key Takeaways

  1. No one is immune to cyberattacks.
  2. Cybersecurity should be integrated from the design level.
  3. Digitalisation and cybersecurity go hand in hand.
  4. Organisations need to protect staff as digital citizens.
  5. Hospitals need to look at cybersecurity as a journey.
  6. Cyber resilience equates to business resilience.
