Before releasing a new feature, it should be vetted and tested against any possible vulnerability or attack scenario. It is impossible, however, to have 100% protection against every type of attack, she said. Numerous studies have highlighted how expensive cybersecurity incidents can be for an organization. Usually it is the monetary cost that is highlighted, but another problem is that such incidents significantly erode public trust.
“A common perception is that if an organization cannot appropriately safeguard sensitive user data, it raises questions regarding what other managerial processes within the organization may be flawed or broken,” said Victor Benjamin, PhD, an assistant professor in the Department of Information Systems in the W.P. Carey School of Business at Arizona State University in Tempe, Arizona.
Conduct Internal Security Audits
Physicians can protect themselves and their patients’ privacy by conducting internal security audits. This includes examining the internal technology ecosystem and network within an organization and cross-referencing vulnerability databases to check for potential security flaws. “Organizations should work with suppliers to maintain cybersecurity consistency,” Dr Benjamin said. “Many recent attacks occurring against organizations actually originate from within the supply chain.”
A compromised vendor was the cause of the 2013 Target data breach and the 2020 SolarWinds hack. Organizations should consider partnering with so-called red teams, Dr Benjamin said. “Red teams are typically professional cybersecurity consultants who are versed in network penetration,” Dr Benjamin said. These individuals are employed to try to exploit any potential security vulnerabilities within an organization’s system. This can help provide some level of real-world cyberattack simulation.
All organizations should be practicing some level of cyber-risk mitigation that includes technological safeguards and processes that ensure good cybersecurity posture, he said. The level of cybersecurity readiness that an organization should put in place is typically related to the value of the data requiring protection. In health care settings, the data in question is patient information, which is valuable and sensitive. Risk mitigation often begins by taking stock of what technology, software, devices, and networking equipment an organization uses to operationalize its IT infrastructure. “Bluetooth-enabled devices should fall into this portfolio of technology that is examined and monitored,” Dr Benjamin said. “But what makes Bluetooth potentially more susceptible to attack is its incredibly useful nature of allowing for different devices to communicate over the air.”
For physicians, the rate of technological advancement is increasing rapidly. It takes a consistent effort over time to assess what new technologies can be used safely and efficiently but also with a low concern for abuse. “Really you can’t get around being a lifelong learner if you truly want to adopt the latest technologies to your specific domain of interest,” Dr Benjamin said. “You have to stay current with the needs of your practice, what novel capabilities are afforded by new technology, what risks bringing in those technologies may carry, and so on.”
It is highly recommended among cybersecurity experts that clinicians partner with outside consultants who better understand the technology space, and let them recommend technologies for use in health care environments. “At least then the liability can be pushed to the consultant organization rather than the physician,” Dr Benjamin said.
This article originally appeared on Renal and Urology News