Take your risk management to a new level

By Tom Finn, Director of Business Development, Medigate

Health IT Security reported a 45% increase in attacks against healthcare providers between November 2020 and the end of the year. The healthcare sector alone accounted for 79% of all reported data breaches in 2020. And there’s no sign of the attacks slowing down. As we mentioned earlier, the healthcare sector is expected to be the target of two to three times more cyberattacks than any other industry in 2021.

Singapore is no stranger to the cost of these attacks on the healthcare sector. The attack on SingHealth’s specialized ambulances in 2018 resulted in the breach of 1.5 million medical records, the largest in Singapore’s history. In August 2021, Eye & Retina Surgeons (ERS), a medical specialty clinic in Singapore, was the target of a ransomware attack that affected the data of over 73,000 patients.

The consequences of such successful breaches include business disruption, violations of patient privacy and safety, and erosion of trust and reputation, all of which can have long-lasting consequences. Last year, security breaches cost healthcare companies more than $6 trillion. Therefore, it is reasonable for healthcare organizations to do everything in their power to minimize their exposure and control their risks.

Not on our watch
Unfortunately, there is no simple answer, no magic bullet that can give you the protection you need against all the risks in your company. Every healthcare system has a unique combination of people, processes, and technology that must be in place to ensure appropriate governance and risk mitigation efforts align with the organization’s desired business outcomes.

A lack of visibility, communication, and coordination between all safety, biomedical, clinical engineering, and business interests within a healthcare delivery organization (HDO) creates gaps that make good governance difficult and effective risk mitigation almost impossible. It is therefore imperative to identify and understand these gaps. The self-assessment tool “The Real-Time Healthcare Convergence Maturity Assessment” developed by Medigate helps here. It produces a cybersecurity, operational, and business gap analysis, which you can use to assess your business risks and then address them together.

“Pay attention to the gap”

Once you understand these risks, you can start filling in the gaps to ensure everyone and everything is working together. It starts with establishing a “single source of truth” for your environment—a source that provides a common language and understanding that can help bridge operational disruptions and divisions. A single system of record can help everyone from cybersecurity to biomedical to business stakeholders to see what’s happening on the clinical networks and make effective decisions that improve the operations and care of the organization.

Medigate offers this basic transparency with our Medigate Device Security Platform (MDSP). We work with organizations large and small to help them see and understand not only what’s on their clinical networks, but what those devices are doing (and whether or not they should be doing it). This gives stakeholders what they need to collaboratively create operational and security frameworks for their clinical environment, consistent with their risk tolerance.

Medigate’s transparency and insights can be used to drive the key components of any successful risk management program. Here are what we think are the most important components to consider:

6 Components of Successful Risk Management Programs

  1. Accurately assess device risks

Within healthcare organizations, risks need to be considered in the context in which they exist. This requires a combination of cybersecurity and clinical expertise to accurately discern whether something is tolerable (and even necessary) or a risk to the connected healthcare system. A health-specific risk framework can make these nuanced determinations, identifying and assessing risks so they can be appropriately prioritized and addressed to ensure patient and care safety.

  2. Manage vulnerabilities

Because devices are often involved in caregiving, risk must be managed in a very different way than traditional IT to ensure dependencies are respected and operations are kept intact. Healthcare systems need to look at their vulnerability management from a clinical perspective to ensure activities like scanning and patch management can be performed quickly and without risk to patient care protocols.

  3. Recommend appropriate remedial actions and mitigations

Shutting down equipment or blocking communications can have serious consequences within a clinical network, so it’s important that cybersecurity is built in when and where it can protect without compromising care. By considering actions within their clinical context, healthcare organizations can begin to enforce policies and risk mitigation strategies through network-based checkpoints (e.g., firewalls, NACs) that can prevent the spread of attacks and minimize their impact without interfering with ongoing operations or care services.

  4. Maintain good clinical cyber hygiene

To prevent the proliferation of threats within clinical networks, healthcare systems must constantly discover, assess, and manage the cybersecurity risks that medical, clinical, and other unmanaged connected devices bring to the clinical network.

  5. Consistently protect from the core to the edge – don’t forget the clinics

All types of healthcare systems, from large healthcare organizations to clinics, must ensure that the same rigor is applied across their distributed facilities and ecosystems to keep their operations and patient care running as they should.

  6. Operationalize risk management programs

The dynamic nature of healthcare means that securing it is never complete. There is no such thing as set and forget, but there are tools and services that can help automate and operationalize ongoing risk management activities.
