Robust cybersecurity protection for hospitals requires a combination of education and technology tools
Across industries, the Internet of Things (IoT) is driving significant investment in projects that integrate smart devices, big data, analytics, and other digitization-related tools. Healthcare institutions are no exception. Hospitals benefit from this advanced connectivity through increased efficiencies, lower costs, and better patient care. As more building infrastructure gets connected, however, the risk and frequency of cyberattacks will increase. According to Cybersecurity Ventures, the estimated global cybercrime cost will climb to more than $10.5 trillion by 2025. That’s why sound cybersecurity protection strategies are more critical now than ever.
Increasing cyberattacks are placing hospital health records, clinical research data, and patient records that include social security numbers, billing information, and insurance claims at risk.
For example, a hospital-related cyberattack could involve an assault on the hospital’s power supply through an electrical engineering management system. An attacker could take partial control of the system and block important power fallback modes (like load shedding capabilities), thus putting the hospital at risk for a complete blackout without the ability to monitor the facility’s core power systems.
Ransomware has also emerged as a major concern for many healthcare institutions. This cyberattack occurs when malicious software is used to restrict access to a computer system or data until the victim pays the ransom requested by the criminal. Such attacks are now happening globally every 11 seconds.
Under these circumstances, the challenge is to protect building infrastructure systems without blocking them. It is necessary to know how to maintain operational flexibility while working within security constraints. At Automatique & Industrie, a Schneider Electric certified EcoXpert partner with extensive experience in smart building management systems (BMS), cybersecurity, artificial intelligence, and smart data architecture, we are often asked to help clients attain a flexible balance between efficient operations and security.
Addressing OT cybersecurity protection gaps is critical
Most information technology (IT) services groups within hospital organizations have global cybersecurity strategies in place that address the entire Hospital Information System (HIS), including patient files and medical data. However, other systems like hospital operations technology (OT) systems and biomedical systems are often underserviced from a cybersecurity perspective. These systems are critical because they guarantee the overall service continuity of the hospital infrastructure, including power supply, air renewal, and safety and security management.
Cybersecurity is a global process. The mere implementation of technical solutions, like firewalls, does not by itself render an installation cybersecure. The healthcare staff must also raise their level of awareness and be educated by the organization on how to modify procedures and human actions to enable cybersecurity improvements.
Regulations like those of ANSSI (the National Cybersecurity Agency of France) must also be adhered to and should help to shape the rules put in place to address issues such as system access levels and “need to know” visibility into key operational tasks.
Cybersecurity roadmap helps create a secure facility
At Automatique & Industrie, we focus on deploying and securing operations technology (OT) in hospitals. Our customers ask us to conduct assessments of their infrastructure that include diagnosis of cyber vulnerability. When we perform these engagements, we complete the following tasks:
- Define the level of cybersecurity need for each system
- Map the OT network to analyze information flow patterns
- Implement password and cybersecurity software version management
- Deploy cybersecurity solutions (like firewalls, probes, and VPN access) as appropriate
- Conduct employee training and awareness
Cybersecurity today is no longer an afterthought or a bolt-on solution. The Schneider Electric solutions we recommend are cyber secure by design: they comply with the foremost OT cybersecurity requirements of the international standard IEC 62443 and provide robust cybersecurity features right from the factory. Once installed, these solutions are supported by services that allow healthcare organizations to maintain high levels of protection and low levels of risk as the cybersecurity outlook continues to evolve.