Daniel Ferreira, PhD, our head of Cybersecurity Advisory Services, recently published a chapter in collaboration with Nuno Mateus-Coelho, PhD, titled “Cybersecurity Risks in Health Data and Measures to Take” (Ferreira & Mateus-Coelho, 2023), part of the book “Exploring Cyber Criminals and Data Privacy Measures” (Mateus-Coelho & Cruz-Cunha, 2023).
We were granted permission to share an excerpt focused on the management of cyber incidents and health risks.
“Considerations On The Management Of Cybersecurity Incidents And Health Risks
The process of managing cybersecurity incidents and health concerns involves a number of stages, including the assessment of threats, the implementation of security measures, and the creation of action plans. The following are some essential considerations that need to be given your attention:
The identification and evaluation of potential dangers are two of the most important preventative actions that may be taken in the management of health problems and cybersecurity incidents (Department of Health and Human Services, 2018). It is necessary to conduct an assessment of the information systems’ susceptibility to attack, to identify any potential dangers that may exist, and to take into account the potential impact those dangers could have on the facility as well as the patients (Predicting Cybersecurity Risk, n.d.).
Specialists in information security are required for this task since they are able to conduct a comprehensive examination of the systems and identify potential vulnerabilities. In addition to this, it is necessary to take into consideration the most recent legislation and regulations regarding information security in the healthcare industry (Buckley & Muggleton, 2019; Health Care Industry Cybersecurity Task Force Report, 2017; Le Bris & El Asri, 2017).
Vulnerabilities in information technology and cybersecurity that place personal information of residents as well as health care systems in jeopardy (National Institute of Standards and Technology, 2018; Palmaers, 2013; Predicting Cybersecurity Risk, n.d.).
Cybersecurity and information system threats have a substantial impact on how safe and private citizen data and health systems are. As a result, the integrity of the system, sensitive data, and the privacy of individual user records are all put in jeopardy. Concerns relating to cybersecurity that could potentially have an effect on healthcare systems include the following:
- Attacks using ransomware can compromise the availability and integrity of information systems, making it impossible for medical workers to access data that is necessary for the provision of treatment. Theft of sensitive data is a possibility whenever hackers hold data and systems hostage and demand a ransom in exchange for returning access to those systems and data.
- Phishing: Using phishing assaults, users of information systems might have their passwords and other credentials used to get into the system taken from them. Criminals may assume the identity of medical staff or businesses associated with the medical field in order to fool unsuspecting victims into divulging sensitive information.
- Fraud in Electronic Form: Examples of electronic fraud in the healthcare systems include identity theft, the creation of bogus accounts, and the counterfeiting of prescription pharmaceuticals. This type of fraud is becoming a greater cause for concern as technology continues to advance. This could lead to an increase in healthcare costs, in addition to putting the health and safety of patients and the quality of treatment provided at risk.
- Assaults that restrict access to essential information or data.
- Assaults that prohibit access to essential information or data have the potential to reduce the availability of information systems, so preventing access to crucial information or data that is necessary for healthcare.
A number of different cybersecurity measures, including the utilization of strong authentication, data encryption, routine backups of essential data, threat monitoring and detection, and routine security software and system updates, need to be put into place in order to secure data and health systems. User education and awareness are also essential components in putting a halt to phishing scams and other types of threats that can be found online. Implementing cybersecurity policies and ensuring legal compliance are necessary steps towards ensuring users’ safety and privacy. These steps must be taken in tandem (Agencies Need to Address Aging Legacy Systems, n.d.; Ahmad et al., 2021; Arora & Kuriakose, 2019; Buckley & Muggleton, 2019; Kruse et al., 2017; Palmaers, 2013; Tejero & de la Torre, 2012).”
Ferreira, D. J. and Mateus-Coelho, N. (2023) ‘Cybersecurity risks in health data and measures to take’, Exploring Cyber Criminals and Data Privacy Measures, pp. 1–18. doi: 10.4018/978-1-6684-8422-7.ch001.
The full article can be accessed through the following link:
New Cognito specializes in large-scale projects that adapt to a variety of sectors. Accumulated through extensive experience in diverse global settings and across different technological domains, our expertise is relevant for businesses spanning a wide array of industries, including the most complex ones.