Health IT: The New Frontier of Cyberwar

In a new blog, Dr Saif Abed, Founding Partner of AbedGraham, argues that the WannaCry cyber-attack from May 2017 is only 'the tip of the iceberg as far as risk goes' in healthcare.

Whether you want to believe it or not, healthcare is now the new frontier for an era of cyberwar where petty opportunists, organised crime and nation-states are all adversaries we have to prepare for.

As we’re at the anniversary of the WannaCry attack, it’s a good time to reflect on the threats we face and how we’re coping with the increasing onslaught that healthcare providers and health IT suppliers are facing. From my perspective, my view has only hardened that WannaCry is the tip of the iceberg as far as risk goes. The attack opened our eyes but in part also risked causing us to become myopic.

Ransomware after all is only one way to cause chaos.

Typically, in the world of cybersecurity we talk about C-I-A when it comes to types of harm, that is, confidentiality, integrity and availability. Ransomware is a great example of what happens when systems and information become unavailable. It causes chaos and places our systems at a standstill, at least temporarily, but in most cases clinicians can make sure their patients are stable and stay out of harm’s way. There are of course exceptions but, in the end, we cope and can minimise harm.

Integrity is a different beast altogether, though. I’ve been sharing a few case studies over the past few months, including when I spoke at HIMSS in Las Vegas in March, emphasising the devastation that can be caused by integrity-based attacks.

Imagine being a CIO or CCIO and getting a call asking for a ransom, but instead of shutting down systems the attackers say they’ve been mixing patient medications for the last couple of hours? Or lab results? Or medical images? What if they’ve simply reset Early Warning Systems to report normal for all patients? Harm is potentially starting to happen and no-one knows it yet because it’s trust-based. A pseudo-state of “Business as Usual” doesn’t have to be apparent chaos; it can be insidious, and that’s the new frontier we have to prepare for. Not just technologically but in terms of people and processes.

Make no mistake about it, we’re already at war in healthcare. It just happens to be a cyberwar.

