COVID-19 has hit businesses like never before, and organisations have found it very hard to cope with this sudden change in reality. While all the sectors were impacted, healthcare was truly tested to its limits. The sector saw challenges and opportunities which were not seen in the last few decades. On the one hand, it was struggling to optimise resources, and on the other hand, it was about building capacity to meet the demands of healthcare products and services. Imagine the scale needed to just meet the demands of vaccination – nearly 1.4 billion vails, syringes and cotton swabs are required just to vaccinate people at risk in India. If we look at global figures, this number would be five times this.
But like in any other sector where opportunities grow exponentially, the threat factor also grows in similar measures. In a cyber attack in December 2020, data on the Pfizer/BioNTech COVID-19 vaccine was stolen and released online illegally. The threat of cyber attacks Is real, and hence cybersecurity gains utmost importance.
The healthcare industry has transformed rapidly in the last decade. Today, technology is an integral part of every healthcare aspect – be it drug discovery, research & development, digital promotions, supply chain management or even marketing decision-making. Patient data management is now electronically managed using EHR/EMR. Drug discovery is increasingly using technologies like blockchain. AI/ML tools are being used for marketing decision-making. Physician marketing is also being done using programmatic ad exchanges and standalone doctor-only platforms. However, with this increased adoption of digital solutions and cutting-edge technologies, the risk of data theft, data breach, identity duplication has also increased. Millions of logins from various devices and accessing data on interconnected medical devices can make cybersecurity a very difficult job for an organisation.
Why is cyber-secure healthcare important?
Imagine an EMR/EHR system in a hospital. It has health data of every single patient, every single visit, every single prescription written, every single procedure performed. This is ‘BIG Data’ in its true essence. This can be used to create correlations between different diseases, understand the efficacy of treatment, create disease management guidelines. A cyber attack has the potential to steal or wipe this data in one go, and all the benefits that can be derived out of this data are gone forever.
Healthcare is a regulated category from a communications perspective. This means that healthcare products cannot be promoted to non-physicians. Programmatic ad exchanges and standalone healthcare platforms need to identify a physician on any platform using PII’s available. Hence, it is important to protect physician data, so that identity duplication can be avoided.
Also, imagine an organisation spending millions of dollars to discover a new drug to manage a rare disorder and the whole drug data, trial data and patient data being compromised. This can severely derail the whole drug discovery process and end up jeopardising the future of the organisation.
Besides, a lot of marketing decision-making depends on the data being provided by different partners like primary & secondary sales data providers, supply chain data management software, market trends and forecasting data organisations. A cyber attack can severely impact these through stock manipulations, over/under-predictions, identity theft, and much more.
How can healthcare become cyber-secure?
Invest in cybersecurity: Most organisations are not equipped with highly skilled teams that would take care of cyber attacks and mitigate the risk without much effort. My suggestion will be to start small. Invest in an outsourced team to start with and keep building capacity. Over a period of time (not more than three years), build your own team.
Get the basics right: Organisations can start by putting restrictions on the installed software applications, increase vigilance, especially in the areas pertaining to IoT (Internet of Things) devices, home peripherals. Invest in educating all the stakeholders, as they are dealing with data; they must know every minute detail with regards to the security of the sector and how they can aid in dealing with the same.
Move to cloud: By doing so, organisations can cut the risk manifold. As every application and all the data is in a virtual environment, the device becomes just a medium to access and not really a data storage port. This makes it less risky and more efficient. It even saves cost and time.
Always go multi-factor: Most cyber-attacks happen because of compromised passwords. Hence, it is always advisable to go for multi-factor authentication. This one step can hugely reduce the chances of a cyber attack.
Track and target: System must be geared to identify the credentials of people accessing data. Who accessed what, when, and where are some important parameters to be kept in mind while creating these systems.
Have a cybersecurity policy in place: Most of the time, cyber-attacks happen because employees aren’t aware of good practices to safeguard data. Hence, it is imperative to have these policies in place. Cyber experts and even hackers talk to employees and explain the steps that can be taken to avert these mishaps.
Lastly, most of the cybersecurity systems being utilised by healthcare organisations are outdated and unable to ward off cyber attacks. It is essential to invest in upgrading systems and processes to reduce the chances of being attacked.